T-Mobile hack: Here’s what you need to know about the massive data breach – CNET


The information of more than 50 million T-Mobile customers was compromised in a breach. 



A massive data breach at T-Mobile compromised some of the most sensitive personal information of more than 54 million customers, putting them at risk for identity theft and other cybercrimes.

On Friday, T-Mobile CEO Mike Sievert apologized for the hack and said the company had hired Mandiant, a cybersecurity company, and KPMG, a consultancy, to help shore up its cyberdefenses.


"To say we are disappointed and frustrated that this happened is an understatement," Sievert wrote in a statement, adding that keeping customer data safe is a "top priority."

Here's what we know about the giant cyberattack so far:

What happened?

T-Mobile says it confirmed on Aug. 17 that cybercriminals had compromised its systems and stolen the personal information of current, former and prospective customers. The company initially said the attack affected about 40 million people, but it later raised the total to more than 54 million people.

The information stolen included consumer names, addresses, Social Security numbers and dates of birth, along with driver's licenses and other identification. In some cases, IMEIs and IMSIs, which identify devices and accounts, were taken. Some account PINs were also stolen.

T-Mobile says there's no indication any consumer financial data, such as credit card or other payment information, was compromised.

Who's to blame?

As with all cyberattacks, figuring out who did it can be tricky. The Wall Street Journal published on Aug. 26 an interview with John Binns, a 21-year-old American, who claimed responsibility for the hack. Binns, who moved to Turkey a few years ago, called T-Mobile's security "awful" and said he'd committed the hack in part to get attention. He declined to say whether he was paid to carry it out or if he'd sold any of the stolen data. 

The Journal reported that it remains unclear whether Binns was working alone or with others. It also reported that the Seattle office of the FBI is investigating. T-Mobile is headquartered in nearby Bellevue, Washington.

What's T-Mobile doing about it?

In its statement, T-Mobile said its investigation, conducted with the help of Mandiant, identified how the attacker gained entry to its servers, and that it has since closed those vulnerabilities. As a result, the company says, it's confident the customer data isn't at risk of being stolen again by different cybercriminals.

T-Mobile said it's tasked Mandiant with developing a strategic plan to boost its overall cybersecurity operations. KPMG will review T-Mobile's security policies to identify gaps and areas that need to be improved.

What about the people affected?

T-Mobile says it's contacted nearly all the affected customers and that those it believes weren't affected will see a banner on their online account login page notifying them. It's also in the process of attempting to reach all the affected former and prospective customers.

To those affected, T-Mobile is offering free access to McAfee's ID Theft Protection Service for two years and advanced spam-blocking. It's also offering postpaid customers its Account Takeover Protection service, which is designed to protect consumers from having their accounts ported out and stolen. The company has also reset PINs for all prepaid customers after the exposure of 850,000 accounts.

How can I protect myself?

Once your personal information has been compromised, there's really no getting it back. The best you can do is try to keep tabs on it. Taking T-Mobile up on its offers of identity theft and account takeover protection can help with that.

Meanwhile, people who've had their Social Security number stolen should freeze their credit. That'll prevent anyone other than them from opening a new financial account or taking out a loan in their name. 

This is a good time to make sure you're using strong passwords and two-factor authentication on all of your accounts. A password manager can help you set and store those keys to your accounts, while tools such as Google's Password Checkup, Mozilla's Firefox Monitor and the website Have I Been Pwned? will let you know if any of your passwords have been compromised.
