In case you’re not following the news about the latest data breach, a hacker stole the records of approximately 15 million T-Mobile customers. The breach occurred at Experion, the vendor that T-Mobile partnered with to process credit applications. According to T-Mobile, the records stolen "include information such as name, address, and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number)." Experian's encryption may have been compromised.
Basically, if you’re a T-Mobile customer and you ever got your credit checked (either for service or for device financing) between September 1, 2013 and September 16, 2015, your identity has been stolen.
I applied for credit through T-Mobile and Experian last spring, when I wanted to replace my aging iPad with the then-new iPad Air. It seemed like a good idea at the time – I wanted an LTE iPad, they offered an interest-free payment plan, and the monthly payments were small. After hearing about the data hack, however, I’m thinking I should pay for everything in cash and also maybe never go on the Internet again.
Oh, yeah, about how I heard about the data hack – I found out through Twitter. Not surprising, considering I keep Tweetbot open on my desktop in plain site pretty much all day (and if I’m not at my desk, it’s on my phone or that fancy tablet). But I’ve still yet to actually get an email from T-Mobile about the hack. I know it’s not my spam filters because I get all their other crap emails about upgrading my device, my service, and how cool it is that they’re an "un-carrier" (whatever that means).
I would’ve expected an email, since T-Mobile CEO John Legere posted an open "Letter To Consumers" on T-Mobile’s site. In the letter, John insisted that being an un-carrier means being "direct, transparent, and honest" about "good news or bad." That’s great, John, but can you directly send that to me in an email?
[Tweet "Hey @JohnLegere, why haven't you emailed @fakeadamcecil yet?"]
The real gem of the letter came in the fifth paragraph: "Anyone concerned that they may have been impacted by Experian’s data breach can sign up for two years of FREE credit monitoring and identity resolution services at www.protectmyID.com/securityincident." Cool! Until you click the link and realize that www.protectmyID.com is run by Experian, the company that just got hacked.
As tech writer Merlin Mann put it:
Kinda like the salmonella peanut company apologizing by sending you a case of complimentary salmonella peanuts.
-- Merlin Mann (@hotdogsladies) October 1, 2015
But whatever, I signed up for Protect My ID because it was free and why not? (I believe that I may have said something more expletive-ridden under my breath, but we’re a family friendly personal finance blog.) Signing up was easy. Ever applied for a credit card online? Basically the same process. And now, allegedly, my identity is protected.
Well, not protected, exactly – Protect My ID doesn’t really do anything to prevent data loss. Instead, it’s just constantly searching records and hacker sites (I know I sound like I’m a hundred years old when I say the phrase "hacker sites," but what else do you call them?) for any use of your data. It will also alert you if they think your identity is being used by someone else, like if a new address shows up on your account.
If Protect My ID detects anything out of the ordinary, you can then call them up and they’ll help you go through the process of slowly reporting the fraud to a bunch of bureaucratic organizations that couldn’t care less about you as an individual. (That wasn’t in their marketing copy, that’s just how I read it.)
At least, that’s what they say they’ll do. Thankfully, my data hasn’t been used for anything yet, so I haven’t had to call them. If I do become a victim of fraud, I’ll be sure to either write a sequel blog post or set my WiFi router on fire.
Did you also lose your data in the T-Mobile hack or one of the other dozens of hacks that happened this year? Check out some of other resources to learn how to avoid getting hacked and how to deal with identity theft:
- What happens to a stolen Social Security Number?
- The Identity Theft Index: When to freak out about a stolen identity
- 3 ways to create better passwords, ranked from laziest to best
Image: Mike Mozart