Considering all of the recent stressors – flooded basements, job insecurity, ongoing pandemic, fears that the delta variant will wreak havoc in the future – I’d dare say that a lot of people don’t know. aren’t too worried about data breaches and identity theft.

But crooks don’t give up.

T-Mobile recently confirmed that it was hit by a “highly sophisticated cyber attack” that revealed the names, dates of birth, social security numbers and driver’s license information of more than 40 million consumers who had requested a credit from T-Mobile.

No phone number, password or account number would have been compromised, according to the company. But some wonder if that statement will eventually be updated to say the phone numbers have been compromised. Some data and screenshots shared by hackers suggest otherwise, according to a report by KrebsOnSecurity.

“T-Mobile customers should expect phishers to take advantage of public concern over the breach to impersonate the company and possibly even messages that include details of the compromised account of the. recipient to make communications more legitimate, “according to a warning from KrebsOnSecurity.

T-Mobile also said it has confirmed that approximately “850,000 active T-Mobile prepaid customer names, phone numbers and account PINs have also been exposed.”

The company said it has proactively reset all PINs for these prepaid accounts.

Other customers, however, are encouraged to change their PIN code by logging into their T-Mobile account or calling the company team by dialing 611 on their T-Mobile phone.

Paige Schaffer, CEO of Global Identity and Cyber ​​Protection Services at Generali Global Assistance, said some people might even want to temporarily remove some of the apps, such as their banking app or credit card app, that they have on. their phone while this investigation continues. .

If you keep passwords on your phone, which you shouldn’t, she said you’d want to make sure you remove those passwords as well.

Hacking incidents can seem so common that we only pay attention to the big guys these days. But consumers need to be aware that they need to be more careful now because more information about them could be in the hands of bad actors.

“The pandemic hasn’t helped matters. This made the climate conducive to fraudsters, ”Schaffer said.

T-Mobile did not say if the IMEI numbers, which are unique identifiers linked to your phone, have been compromised.

If those numbers are released, experts warn there is a greater threat that bad actors could take over accounts and possibly gain access to your bank account through the app on your phone at some point. International mobile equipment identity numbers are not as commonly available to scammers, such as your date of birth, name, and social security number, so they can be very valuable to hackers.

Schaffer noted that consumers access a lot of offers on their phones, which makes the risks of a SIM swap, in which your phone number can be stolen, quite concerning. Operators put guarantees in place, but the possibility of strangers taking your phone number exists, if the right information is available.

Someone who is able to control your phone number can control your online world.

Hackers, of course, have a lot of them when dealing with stolen social security numbers and other identification.

Stolen ID information can be used for all kinds of nefarious activities, including allowing crooks to open a credit card in your name, apply for unemployment benefits using your ID, rent an apartment , find a job using your social security number, file false income tax returns. to steal tax refund money and commit medical identity theft.

“The T-Mobile violation is of great concern, particularly to the 40 million people whose names, social security numbers and driver’s license details have been exposed,” said Adam Levin, CyberScout Founder and Host from the podcast “What the Hack with Adam Levin.”

Levin said the possible crimes are almost limitless and called the information “an El Dorado for crooks and identity thieves.”

Unfortunately, Levin said, the general public has become unresponsive to the endless news cycle of data breaches, cyber attacks, ransomware attacks, and phishing campaigns.

“Telecom operators are ideal targets for threat actors,” Levin said.

“Even a small operator like T-Mobile with around 10% market share still represents tens of millions of customers and huge data treasures,” he said.

Hackers, however, are looking for all kinds of targets, not just big branded companies.

The Internal Revenue Service, for example, warned in August that identity thieves continue to target tax professionals and others.

Susan Allen, senior director of the tax practice and ethics team at the American Institute of CPAs, said the COVID-19 pandemic has spawned numerous tax scams and identity theft issues.

Scammers had more of an incentive to try to tap into the stimulus payments provided during the pandemic, as well as to increase unemployment benefits.

She noted that the IRS’s Dirty Dozen list of tax scams for 2021 highlighted thefts related to things such as economic impact payments and tax refunds, phishing schemes and unemployment fraud leading to unemployment. incorrect 1099-G forms, and many more scams.

Taxpayers, for example, are warned to watch out for text messages, random incoming phone calls, or emails that ask for bank account information or ask someone to click on a link or verify data relating to the bank account. any stimulus payment.

The IRS does not contact people by phone, email, text, or social media to ask for social security numbers or other personal or financial information related to economic impact payments.

“There are telltale signs of identity theft that tax professionals can easily ignore,” IRS Commissioner Chuck Rettig said in a statement.

Signs of fraud include the rejection of a tax return because a person’s social security number has already been used on another return. Or suddenly receive tax-related emails that your tax professional really didn’t send.

The IRS has warned tax professionals to watch out for other signs, including the following:

• See a computer cursor move or change numbers without touching the mouse or keyboard.

• Hearing of clients who claim to have received IRS authentication letters such as 5071C, 4883C and 5747C even though they have not filed a statement.

Victims, for example, may receive a notice from the IRS that they received a salary from a location where they never worked. Or if you’re retired, you might even get a notice from the Social Security Administration that benefits will be reduced or stopped because IRS records show you worked and got paid when you didn’t. really wasn’t.

While it can be tempting to ignore another data breach or weird signs of identity theft, experts say it’s best to be careful of what’s going on.

Take advantage of all the credit monitoring services on offer, such as the two years of free identity protection services through McAfee offered to T-Mobile customers.

Check your free credit report at One in three consumers have never checked their credit report, according to an earlier study conducted by The Harris Poll on behalf of the American Institute of CPAs.

Think carefully about freezing your credit report for free through the three major credit bureaus, Equifax, Experian, and TransUnion. You will need to contact each office individually for a freeze. See information on:


Experience :


A freeze is a free service that will prevent new accounts from being opened in your name. Freezing your credit will not hurt your credit score. However, you will need to lift this freeze before you can apply for a car loan, credit card, or other loans on your own.

You can access any credit cards or lines of credit that you have already opened, even if your credit is frozen. Criminals could still try to tap into existing accounts, so watch your statements.

Change your passwords, as you should on a regular basis anyway.

Of course, who has the energy for another data breach? Yet being too exhausted to act gives hackers an advantage.

Susan Tompor is a personal finance columnist for the Detroit Free Press. She can be reached at [email protected].