I got a letter in today’s mail from a “Claims Administrator” regarding a recent data breach. This letter claims, in the name of T-Mobile:
On August 17, 2021, T-Mobile learned that a bad actor illegally accessed data from T-Mobile systems … we have determined that unauthorized access to your personal information has occurred, including your name, driver’s license/ID information, date of birth, and Social Security number. …
The italicization is from the letter, not from me. I note that the phrasing seems very clear that my information WAS accessed, not merely possibly accessed. The letter goes on to tell what T-Mobile is doing about this, but that’s not what I’m here to ask about.
I was never a customer of T-Mobile. I suppose they could have gotten my name and address by purchasing a mailing list, but can’t imagine that they would have my driver’s license, birth date, and SocSec number. Note that the letter uses the word “and”, not “and/or”. The author of this letter seems to think that the “bad actor” got ALL of this data about me.
Smells like a scam to me. The General Question I want to ask is: Is it reasonable to think that T-Mobile has my driver’s license AND birth date AND SocSec number? Or ANY of them? How might they have legally obtained them, if I’ve never been their customer?
From what I can see, this is real. There’s a report about this breach on the T-Mobile site itself here. It does indeed say:
The types of impacted information include names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs (which have already been reset to protect you), addresses and phone number(s). Social Security numbers and government identification numbers are collected in connection with prospective and current customers’ application for services and eligibility determinations. We have no indication that personal financial or payment information, credit or debit card information, account numbers, or account passwords were accessed or acquired.
The second sentence seems to be trying to explain why they have drivers’ licenses and social security numbers.
I do have T-Mobile and this is legit. They’re taking an enormous ration of shit from every direction for having kept such a huge database of info on people who aren’t even and never have been customers.
Have you ever had an account with Sprint or MetroPCS? They’re both related to T-Mobile. How about a burner phone that may have used the T-Mobile network?
Also, keep in mind that just because there was a breach doesn’t mean this isn’t a phishing attempt. If there’s anything in the email about contacting them, find your own contact information.
Maybe call and ask why they have your information in the first place.
I would have guessed a phishing attempt based on using the term “bad actor”. It could still be an attempt by someone counting on you knowing about the data breach and so assuming their email is legit.
In days of old, when you had to buy your phone from your provider, & even now, when T-Mo advertises a free iPhone, you’re really paying that off over some number (usually 24) of months. The ToS state if you leave them before the 24 months is up, the remaining balance of the phone is due immediately. They’re basically giving you an interest-free loan as long as you remain their customer. My guess is that they ask for that info from everyone, even if you bring your own phone.
This. Joe Fraudster wasn’t in on the data breach but if he can send out some emails or even letters & get enough of a response (since some big story that was all over the news & comes up in Google searches so his email/letter must be legit, right?) then he can still profit from the data breach.
I was with Sprint and with the of Sprint by T-Mobile I am now a T-Mobile customer. For the past several years whenever I had to do something with my service or phone, I have had to show my driver’s license as proof of identity. I’m pretty sure Sprint scanned it into their system. T-Mobile did not as far as I remember.