Nessel reissues consumer alert following new T-Mobile data breach

Michigan Attorney General Dana Nessel is reissuing a consumer alert that provides information on responding to a data breach after T-Mobile confirmed the company suffered a breach that affects approximately 37 million U.S. customers.

T-Mobile reports that the breach happened between November 25, 2022 and January 5, 2023 and may have exposed information including names, billing addresses, email addresses, telephone numbers, dates of birth, T-Mobile account number, number of lines on the account and service plan features. T-Mobile believes that no passwords, payment card information, social security numbers or other financial account information was accessed. The impact of this breach is currently undetermined.

Consumers should remain vigilant for suspicious emails, texts, or phone calls in the wake of this data breach.

“There are lots of ways bad actors can take advantage after a breach. If you receive a call from someone who has urgent or financial requests, asks for your personal information, or asks you to pay with unusual methods, it’s likely a scam,” said Nessel. “Never give out credit card numbers, bank account information, social security number, or other personal information to anyone who calls you. You can call my office at any time to vet the veracity of the caller.”

T-Mobile announced the breach on their website and said the company will be contacting affected customers. T-Mobile was previously the target of an unrelated data breach in August 2021.

“My Corporate Oversight Division is closely monitoring this developing situation and working to gather more information on the cause, impact to Michigan customers, and response,” Nessel continued. “It’s important that consumers remain diligent in protecting their information. Personal information that may not seem to be particularly sensitive can be used by ID thieves as a gateway to more sensitive information and is susceptible to use in phishing attacks.”

Nessel’s “Data Breaches: What To Do Next Consumer Alert” provides important information on how to respond if you think your personal information was compromised, as well as advice on protecting your identity.

Consumers have the right to order a free credit report from each of the three major credit reporting companies every year through the following:

• by mail—complete the annual credit report request form and send to the listed address.

• by telephone—call 877-322-8228 (toll free).

• online—annualcreditreport.com, is the only truly free credit report website. (Beware: Misspelling this site or using another site with similar words will take you to a site that will try to sell you something or collect your personal information.)

Other ways to respond to a data breach explained in the alert include:

1. Put a fraud alert on your credit file: A fraud alert is a free alert, or flag, that is placed on your credit file when you notify a credit reporting agency that your information may have been compromised. This alert will make it more difficult for anyone to open an account in your name.

2. Consider a security freeze on your credit file: A security freeze or credit freeze is something you request from a credit reporting agency to restrict access to your credit report. This makes it more difficult for identity thieves to open new accounts in your name because most creditors will demand to see your credit report before they approve new credit. If a creditor cannot see your file, then the creditor should not extend the credit. A credit freeze does not prevent all third parties from seeing your report.

3. Credit monitoring: Credit monitoring is a service that tracks your credit report and alerts you whenever a change is made. This gives you the opportunity to confirm the accuracy of the change and, if needed, contest any inaccuracy. The specifics of any service will depend on the provider; however, most advertise they will notify you within 24 hours of any change to your credit report.

4. Take advantage of any free services being offered as a result of the breach: Take advantage of any unconditional and free subscriptions to any credit monitoring, fraud resolution, or other service designed to protect and help you. Before you accept a free subscription offered to you as a result of a security breach, carefully consider any conditions placed on your acceptance of this subscription.

For example, will you be charged after a short free period, or will you only get the free subscription if you give up your right to additional legal redress?

5. Use two-factor authentication: For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token (a physical object in user’s possession). This protects your account even if your password is compromised.

The Department provides a library of Consumer Alerts, which cover a wide range of topics, and can be reviewed on the Department’s website at www.michigan.gov/ag/consumer-protection/consumer-alerts.

Consumer complaints can be filed online at the attorney general's website at https://secure.ag.state.mi.us/complaints/consumer.aspx, or anyone with questions may call 877-765-8388.