T-Mobile data hack FAQ: What happened, how it affects you, and what you should do next

T-Mobile shut it down quickly but says millions of customers may have been affected.

Credit: Magdalena Petrova

T-Mobile has reported that its cyber-security team “discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities.” In plain English, that means someone somewhere may have your personal information. Here’s everything you need to know about what may have been stolen and how to protect your account:

When did the attack take place?

Early in the morning on Monday, August 20, 2018.

Who implemented the attack?

T-Mobile hasn’t identified a specific group, but a company spokesperson told Motherboard that the hackers were part of an “international group.”

How did they break in?

According to Motherboard, the hackers were able to exploit an internal API (application programming interface) on its servers that handled personal information.

How many people are affected?

T-Mobile said more than 2 million people may have had their information stolen, representing about 3 percent of its 75 million-plus customer base.

What did they take?

T-Mobile says the hackers were able to steal:

  • Name
  • Billing address
  • ZIP code
  • Phone number
  • Email address
  • Account number
  • Account type (prepaid or postpaid)

Was any credit card information obtained?

T-Mobile says no.

What about my password?

Also no, according to T-Mobile.

Social Security number?

Nope, T-Mobile says.

How do I know if my information was included in the hack?

T-Mobile will be sending out text messages to affected customers beginning today. The message will read as follows: Hello—We ID’d & shut down an unauthorized capture of your info. No financial information/SSN taken but some personal info may have been. More: t-mo.co/security

What do I do if I receive a text message?

You don’t have to do anything. T-Mobile has apparently shut down the attack and is confident that no passwords or sensitive financial data was included in the attack. However, you might want to change your T-Mobile password just in case.

How do I change my password?

You can change your T-Mobile password either online or in the mobile app. These are the requirements for new passwords:

  • Must be between 8-50 characters
  • Must include at least 1 number
  • Must include at least 1 letter
  • Can't contain spaces
  • The last five passwords can't be re-used

What if I don’t receive a text message?

If T-Mobile doesn’t contact you, then the company doesn’t believe your information was compromised.

Is there someone I can call?

You can contact T-Mobile customer service by dialing 611 on your T-Mobile phone to speak with a representative, use two-way messaging on MyT-Mobile.com, the T-Mobile App, or iMessage through Apple Business Chat.

Can I protect my account from this happening again?

Unfortunately, no. This was an attack on T-Mobile's servers, and it's up to the company to beef up security measures to ward off future hacks.

Should I leave T-Mobile?

We wouldn't recommend that, unless you're otherwise unhappy with your service. T-Mobile has acted quickly to shut down the attack, notified authorities, and has been extremely transparent about what happened.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about AppleT-Mobile

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Simon

Latest Videos

More videos

Blog Posts