▶️ Listen to this article now.
SANDPOINT — The T-Mobile hack in 2021 has the ability to negatively affect as many as one in three people in the United States, including many who never used T-Mobile or any of their products and services.
Although many in Bonner County do not use T-Mobile as their carrier, the breach impacts people who were never customers of T-Mobile, according to the Idaho Attorney General’s Office. This includes information from those who were merely inquiring about joining.
Idaho Attorney General Lawrence D. Wasden urged citizens to be on alert for identity theft, as over 100,000 Idahoans could be at risk.
“This breach was unique in that it affected T-Mobile customers but also prospective customers,” Wasden said. “This figure includes 26,641 Idaho customers and 152,123 non-customers. … So if you’ve ever inquired about a T-Mobile phone or other service, this situation may impact you. So I encourage anyone who receives a notice or alert to take it seriously, whether you’ve actually been a T-Mobile customer or not.”
According to information from the AG’s office, 53 million people had their personal information stolen in the hack. However, according to other reports, that number could be nearly double.
A Vice News report in August broke the news on the breach, with the alleged hacker claiming to have stolen the personal information of 100 million people.
According to information T-Mobile shared with its investors, the “un-carrier” is currently serving the largest customer base in the company’s history, with 108 million users at the close of 2021.
The Vice article spurred T-Mobile to issue many public statements on the matter in the following days.
“In short, this individual’s intent was to break in and steal data, and they succeeded,” T-Mobile CEO Mike Sievert said on Aug. 27. “On behalf of everyone at Team Magenta, I want to say we are truly sorry. … We are confident that there is no ongoing risk to customer data from this breach. … While we are actively coordinating with law enforcement on a criminal investigation, we are unable to disclose too many details.”
Despite Sievert’s assurance that there are no ongoing risks to customer data, rectifying actions by T-Mobile suggest that those impacted by the breach will be at greater risk of having their personal information utilized in the future because of the wide array of personal details that were stolen.
Social Security numbers, driver’s license and ID numbers, first and last names, addresses, and birthdates were among the details stolen. This even applies to people who never used T-Mobile, yet shared their personal information with the company.
The scope of information stolen in the hack is so severe, that multi-factor authentication can be bypassed using information obtained from the leak.
“SIM hijacking allows scammers to take control of targets’ phone numbers after porting them using social engineering or after bribing mobile operator employees to a SIM controlled by the fraudsters,” according to an article published by online tech outlet Bleeping Computer in February. “Subsequently, they receive the victims’ messages and calls which allows for easily bypassing SMS-based multi-factor authentication (MFA), stealing user credentials, as well taking over the victims’ online service accounts.”
Put simply, information stolen in this hack could potentially allow hackers to compromise an individual’s entire digital identity.
There is also evidence that the breach was ongoing for weeks before T-mobile publicly confirmed its occurrence — which would mark the fifth such event where the company responded this way in the wake of a hack, according to information reported by Bleeping Computer, and Morgan & Morgan, a Florida-based law firm.
There are state and private criminal lawsuits against T-Mobile resulting from the August hack. Many state AGs are warning Americans about the potential harms that could be coming down the pike.
Wasden outlined a few things Idahoans can do to protect themselves. Monitoring credit, placing a fraud alert on your credit, or freezing credit altogether are a few tactics the AG’s office recommended. To read the AG’s full statement, visit their website at ag.idaho.gov/newsroom.
Those who believe they may have had their identity stolen in any circumstance are encouraged to contact identitytheft.gov, or contact the Attorney General’s Consumer Protection Division at 208-334-2424.