Michigan AG: Watch out for scammers taking advantage of T-Mobile data breach

T-Mobile announced last week that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers.

The intruder was able to obtain customer information on or around Nov. 25, 2022, through Jan. 5, 2023. T-Mobile said customer accounts and finances are not directly at risk and there is no evidence they compromised T-Mobile’s network or systems.

T-Mobile said information obtained for each customer varies but may have included full names, dates of birth, phone numbers, billing addresses, email addresses, and account and line information (such as billing account numbers, codes for rate plans and features, and number of lines on the account).

Passwords, Social Security Numbers, payment methods and usage or call records were not affected by the breach, according to T-Mobile. No account changes or charges have been detected.

“My Corporate Oversight Division is closely monitoring this developing situation and working to gather more information on the cause, impact to Michigan customers, and response,” Michigan Attorney General Dana Nessel said. “It’s important that consumers remain diligent in protecting their information. Personal information that may not seem to be particularly sensitive can be used by ID thieves as a gateway to more sensitive information and is susceptible to use in phishing attacks.”

Michigan AG Dana Nessel said customers should watch out for suspicious emails, texts, or phone calls in the wake of the data breach.

“There are lots of ways bad actors can take advantage after a breach. If you receive a call from someone who has urgent or financial requests, asks for your personal information, or asks you to pay with unusual methods, it’s likely a scam,” Nessel said. “Never give out credit card numbers, bank account information, social security number, or other personal information to anyone who calls you. You can call my office at any time to vet the veracity of the caller.”

In 2022, T-Mobile settled a class action lawsuit and agreed to pay $350 million to customers after Social Security numbers and other identifying information for 80 million U.S. residents was breached.

Order a free credit report

According to the FTC, everyone has a right to get a free credit report every 12 months from each of the three nationwide credit bureaus.

Through December 2023, everyone in the United States can get a free credit report each week from each of the three credit bureaus at annualcreditreport.com. Everyone can get six free credit reports per year from Equifax through 2026. That’s in addition to the one free Equifax report.

Here’s how to get your free credit reports:

• Online: You can go to annualcreditreport.com to get your free credit report.
  • Warning: annualcreditreport.com is the only true free credit report website. Misspelling that site or using another website with similar words will take you to a website that will try to sell you something or collect your personal information.
• By mail: Fill out this form and mail it to the listed address
• By phone: Call 877-322-8228

Steps to take if your data has been breached

Thieves use stolen personal information to commit identity theft.

Officials believe that, on average, there is an identity theft victim in the United States every two seconds.

If your personal information was exposed, you should take the threat seriously and take steps to protect yourself.

Michigan offers the following steps to respond to a data breach:

• Put a fraud alert on your credit file: A fraud alert is a free alert, or flag, that is placed on your credit file when you notify a credit reporting agency that your information may have been compromised. This alert will make it more difficult for anyone to open an account in your name.
• Consider a security freeze on your credit file: A security freeze or credit freeze is something you request from a credit reporting agency to restrict access to your credit report. This makes it more difficult for identity thieves to open new accounts in your name because most creditors will demand to see your credit report before they approve new credit. If a creditor cannot see your file, then the creditor should not extend the credit. A credit freeze does not prevent all third parties from seeing your report.
• Credit monitoring: Credit monitoring is a service that tracks your credit report and alerts you whenever a change is made. This gives you the opportunity to confirm the accuracy of the change and, if needed, contest any inaccuracy. The specifics of any service will depend on the provider; however, most advertise they will notify you within 24 hours of any change to your credit report.
• Take advantage of any free services being offered as a result of the breach: Take advantage of any unconditional and free subscriptions to any credit monitoring, fraud resolution, or other service designed to protect and help you. Before you accept a free subscription offered to you as a result of a security breach, carefully consider any conditions placed on your acceptance of this subscription. For example, will you be charged after a short free period, or will you only get the free subscription if you give up your right to additional legal redress?
• Use two-factor authentication: For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token (a physical object in user’s possession). This protects your account even if your password is compromised.

If you need to file a consumer complaint with the Michigan Attorney General you can click here -- if you have questions you can call 877-765-8388.

You can find more information on how to respond to a data breach by reading Nessel’s “Data Breaches: What To Do Next Consumer Alert” article.