Big Yikes

T-Mobile confirms millions of social security numbers were stolen in hack

NEW YORK, NEW YORK - AUGUST 18: A clerk at the T-Mobile store in Times Square provides curb side ser...


Approximate number of personal records stolen in the hack.


Roy Rochlin/Getty Images Entertainment/Getty Images

Earlier this week, T-Mobile confirmed that it was investigating a systemwide hack but hadn’t yet discovered the extent of the breach. Today the company announced its findings: 40 million current and prospective customers’ data have been stolen, including personal information like social security numbers, birth dates, and driver’s license information. So, you know, plenty of info to ruin someone’s life.

“Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” the company said in its statement.

Prepaid customers were perhaps the worst affected by the hack; T-Mobile has confirmed that about 850,000 of these customers’ names, phone numbers, and account PINs were exposed alongside their other identifying information. This is, indeed, good news, though it’s certainly made less happy by the many other pieces of data stolen by hackers. And it’s all been posted for sale on a popular hacking forum.

Some compensation — As unfortunate as it is to admit, hacks are pretty much inevitable now. They’re part of the risk we take by utilizing the internet’s connectivity for just about every aspect of our daily lives. At the level of T-Mobile’s prestige, the company’s servers are likely locked down with top-of-the-line security protocols — and yet hackers were still able to worm their way in.

Many companies put in this position simply shrug and say we’re sorry. T-Mobile is at least giving customers some assistance in mitigating the fallout of the hack. Anyone potentially affected by the hack will be given two free years’ access to McAfee’s ID Theft Protection Service, which helps monitor your credit information (as well as the dark web) for any potential breaches. That alone doesn’t exactly remove all risk associated with the hack, but it’s much better than doing nothing at all.

But…there could be more — T-Mobile made it clear from the get-go that it was taking the hack seriously. Even before the extent of the hack had been made clear, the company said it was confident that the entry point used to gain access had been closed.

But T-Mobile also says there could be more fallout news waiting to drop. The company said in its statement that “there was some additional information from inactive prepaid accounts accessed through prepaid billing files” — but T-Mobile hasn’t yet confirmed what information was accessed from those files.

If there’s any lesson to be learned here, it’s that sharing personal information — even with well-respected tech companies — is always, always a risk. The best thing any of us can do is be prepared to deal with the possible consequences of that personal information getting out.