So You Got Hacked in the T-Mobile/Experian Breach: Here's What to Do

I should know, I've been there.

|
Oct 2 2015, 6:02pm

Image: Luke Jones/Flickr

This week, two high-profile companies, T-Mobile and crowdfunding site Patreon, disclosed that hackers managed to improperly access some of their users' data. In T-Mobile's case, one of its credit application processors, Experian, was hacked, potentially exposing the names, addresses, and Social Security numbers of 15 million people who applied for service in the past two years. (T-Mobile says the data was encrypted, but acknowledges that the encryption "may have been compromised.") In Patreon's case, that includes the names, email addresses, and shipping addresses of 2.3 million users.

Not fun, no.

"The troubling thing about the T-Mobile hack is the scale and richness of the data," Rurik Bradbury, of the fraud prevention firm Trustev, told Motherboard in a telephone interview. "This is a very major hack."

As Rurik explained, the presence of data like Social Security numbers in the T-Mobile incident means hackers can do significant things like apply for credit cards in the victim's name. "We can expect a lot of bad activity" to follow from the T-Mobile incident, he said.

The worst part for people affected by the T-Mobile incident is that there's not a whole lot they can do to prevent further damage beyond keeping close tabs on their credit reports. (Consumer Reports recommends consumers get free credit reports from the three main credit-reporting bureaus every four months.) Some commercial services also offer real-time credit monitoring for a monthly fee, while a unit of Experian is offering free identity theft protection to people affected by the T-Mobile incident.

Consumers should also use a credit card instead of a debit card when making purchases, Rurik noted, since a debit card, unlike a credit card, is a direct line to a bank account. I know this all too well.

Four years ago, I woke up in the morning to $5,000 missing from my bank account. The hackers, whoever they were, managed to buy a $1,500 Luftansa airline ticket and hundreds of dollars worth of software using my debit card. They even bought hundreds of dollars worth of flowers using my stolen information, which I can only hope were used to help brighten someone else's day because mine was nearly ruined.

This was the morning of my first date with my girlfriend, and I had to suffer the embarrassment of asking her to pay for dinner because of my little situation. And because dinner ended rather late, she handed me her credit card to take a taxi home—a credit card that she canceled the next morning, I learned the following week when I met her again, because she wasn't yet sure if I was some sort of con artist. We're still together.

Some other things you can do if you were affected by the T-Mobile/Experian breach:

-Put a fraud alert or freeze on your credit with the three credit bureaus: Experian, Equifax, TransUnion. You can do this all online.

-Alert your bank to flag your account. This way, if someone calls your bank pretending to be you, the service representative will see the fraud alert and ask extra security questions.

-File an identity fraud affidavit with the IRS to prevent a false tax form from being filed in your name: http://www.irs.gov/pub/irs-pdf/f14039.pdf

-If you gave T-Mobile your driver's license or ID, consider getting a new one.