- Office of Attorney General Maura Healey
Media Contact for AG Healey Launches Investigation Into T-Mobile Data Breach, Urges Consumers to Protect Themselves From Identity Theft and Fraud
BOSTON — Following a major data breach at international wireless carrier T-Mobile, US, Inc. that compromised personally-identifying information of over 50 million people nationwide, Attorney General Maura Healey has launched an investigation to determine whether the company had proper safeguards in place to protect consumer information and mobile device information. AG Healey is also urging consumers who are current or former customers of T-Mobile to take steps to protect themselves from identity theft or fraud.
According to T-Mobile, personally-identifying information of at least 13.1 million current customers and 40 million former and prospective customers was compromised after T-Mobile’s computer network was breached in July 2021. The information breached included names, drivers’ license information, government identification numbers, Social Security numbers, addresses, and dates of birth. For some consumers, T-Mobile prepaid pins, phone numbers, International Mobile Equipment Identity (IMEI) numbers, and International Mobile Subscriber Identity (IMSI) numbers were also illegally accessed.
The AG’s Office has launched an investigation into the circumstances of the breach and the steps the company is taking to address it and notify consumers, and to determine whether the company had proper safeguards in place to protect consumer information and mobile device information.
“My office is extremely concerned about how this data breach may have put the personal information of Massachusetts consumers at risk,” said AG Healey. “As we investigate to understand the full extent of what’s happened, we urge impacted consumers to take the necessary precautions to ensure their information is safe, and to prevent identity theft and fraud.”
In response to the breach, T-Mobile is offering consumers various free theft protection services, including scam and account take-over protection for their cell phones. These services can be accessed via T-Mobile’s website. T-Mobile also recommends that customers reset account pins and passwords as an added precaution. The company has set up a consumer care hotline that can be reached by dialing 611 from a T-Mobile phone or calling 1-800-937-8997.
T-Mobile has directly notified the primary account holder of current T-Mobile accounts if a user of that account has been affected. T-Mobile has indicated that it is working to notify former and prospective customers if they have been affected.
Even if you have not received notice from T-Mobile about this breach, AG Healey’s Office urges consumers who have T-Mobile service, or who had or applied for T-Mobile service in the past, to consider taking steps to protect themselves from identity theft. In addition to the services offered by T-Mobile on its website, these steps include the following:
- Place a credit freeze on your credit report. Unlike credit or identity theft monitoring (which alerts you after potential identity theft has already occurred), a credit freeze makes it harder for someone to open a new account in your name. It is among the strongest precautions you can take to protect your credit. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts. It also requires you to “lift” the freeze if you want businesses, cell phone providers, lenders, or employers to be able to review your credit. It’s free to place, lift, or remove a freeze. The FTC offers more information about credit freezes here.
- Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what to do.
- Beware of phishing attempts and unsolicited texts, calls or emails notifying you of fraud on your accounts or offering credit monitoring or identity theft services. Consumers should never provide their social security number, credit card or bank account numbers, passwords, or other personal information in response to unsolicited emails or calls. Consumers should also not click links provided through a text they are not expecting. If you are concerned about one of your accounts, log into your account directly from your institution’s webpage (and not a link provided in the text).
For more information, contact the Attorney General’s consumer hotline at (617) 727-8400, review the Attorney General’s Guide to Identity Theft, or view the Federal Trade Commission’s identity theft resource, available at www.consumer.gov/idtheft/.
If you believe you are the victim of identity theft, you will need to take additional steps to protect your credit and your personal information. For more information on how to protect yourself, please see the FTC’s step-by-step guide at https://identitytheft.gov/.
The investigation into T-Mobile is being handled by the AG’s Data Privacy and Security Division.