Privacy Ninja

NY OAG Warns T-Mobile Data Breach Victims of Identity Theft Risks

NY OAG Warns T-Mobile Data Breach Victims of Identity Theft Risks

The New York State Office of the Attorney General (NY OAG) warned victims of the August 2021 T-Mobile data breach that they faced identity theft risks after some of the stolen information ended up for sale on the dark web.

The alert comes after individuals impacted in the incident were notified by identity theft protection services that their info was found online, demonstrating that affected consumers are now at heightened risk for identity theft.

“Information stolen in a massive data breach has fallen into the wrong hands and is circulating on the dark web,” said New York Attorney General Letitia James.

Also Read: What is cybersecurity? 5 best cybersecurity practices to follow

“The guidance offered by my office can help prevent identity theft. I advise all New Yorkers to maintain their financial safety by following the guidance my office has laid out.”

NY OAG’s guidance advises consumers at risk to use credit monitoring services to be alerted within 24 hours when new changes are made, such as large purchases or newly added accounts.

They’re also urged to consider placing a free credit freeze on their credit reports (via EquifaxExperian, or TransUnion) to block identity thieves from opening new credit accounts using stolen personal info.

Last but not least, affected consumers can also place fraud alerts on their credit reports to instruct creditors and lenders to take additional steps to verify their identity before issuing credits.

Data breach hit over 54 million T-Mobile customers

Information of T-Mobile’s August breach surfaced after a threat actor claimed on a hacking forum to sell a database containing personal info of roughly 100 million T-Mobile customers.

The US mobile carrier confirmed the breach, later saying that the attacker stole records belonging to 54.6 million current, former, or prospective customers.

Also Read: What is ransomware and how ready is your business from it?

Data stolen in the incident includes Social Security numbers, phone numbers, names, addresses, dates of birth, T-Mobile prepaid PINs, and driver license/ID information.

Luckily, as T-Mobile claimed, the attacker didn’t steal any customer financial information, credit card information, debit or other payment information during the incident.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× Chat with us