Data Breach Alert: T-Mobile 100 Million Impacted

Data Breach Alert: T-Mobile 100 Million Impacted

The Associated Press reported yesterday that communications giant T-Mobile confirmed there was unauthorized access to ‘some T-Mobile data’ but that the company is still determining the scope of the breach and who was affected. T-Mobile is actively investigating the leak after someone took to an online underground forum offering to sell personal information from more than 100 million cellphone users.

 

According to Vice’s Motherboard report, the data came from T-Mobile servers and “includes social security numbers, phone numbers, names, physical addresses, unique IMEI (International Mobile Equipment Identity) numbers, and driver license information.” Motherboard also reported that they had seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

 

The seller on the underground forum was asking for 6 bitcoin, which is about $270,000, for a subset of the data containing 30 million social security numbers and driver licenses. The hacker said that they are privately selling the rest of the data at the moment. For more in-depth details about the hack, you can read the KrebsonSecurity article HERE.

 

A statement on the T-Mobile website reads “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency.” The statement also included that the company takes the protection of their customers very seriously and that T-Mobile is “conducting an extensive analysis alongside with forensic experts to understand the validity of these claims, and are coordinating with law enforcement.”

 

If you or a family member has been a T-Mobile customer and suspect your data has been compromised, please contact us as soon as possible. We are always available for you 24/7/365 at 888.966.GUARD (4827). Our Member Services can also be emailed at memberservices@guardwellid.com.

 

Photo credit: John Tuesday on unsplash.com

Veteran Data Exposed in Recent Breach

Veteran Data Exposed in Recent Breach

Last month the Department of Veterans Affairs (VA) Financial Services Center reported that the personal identifying information (PII) of more than 46,000 veterans had been stolen. Social security numbers may have been included in the hack. The VA Financial Services Center is in process of alerting impacted individuals via mail.

 

If you are a veteran (or next of kin of a deceased veteran), we suggest that you be on the lookout for any signs of fraud.

 

– Continue to watch your credit and individual account statements for activity that you have not initiated.

 

– Do not respond to any emails, phone calls or direct messages from anyone saying that they are from the VA Financial Services Center. The VA will contact anyone impacted via mail only.

 

Please reach out to us immediately if you have any questions or concerns about this alert. Be smart. Be vigilant. Be strong. As always, we are available for you and your family members 24/7/365 at 888.966.GUARD (4827) or memberservices@guardwellid.com.

 

Photo credit: Photo by Samuel Branch on Unsplash

DoorDash Data Breach: How to Tell if You’ve Been Hacked

DoorDash Data Breach: How to Tell if You’ve Been Hacked

Remember when home-cooked meals happened six nights a week instead of just during the holidays? I don’t really do either. Delivery is indeed a major convenience though. From groceries and prescriptions to corporate lunches, family dinners and late night snacks, if you can order it on an app, such as Uber Eats, it can be on your doorstep in about an hour. Yes, delivery is a major convenience but, just like with everything in life, there are risks and your data can be compromised. Just ask the almost $5 million DoorDash users, merchants and workers who were recently hacked. Hits a little too close to home.

 

Consumer behavior, along with the concept of dinnertime itself, have both evolved in the past few years, making food delivery one of the the newest up and coming fads. The industry, referred to as third party logistics, is experiencing “unprecedented growth to the tune of $43 billion in deliveries (2018) and is forecasted to rise to $76 billion by 2022.” As reported in Barron’s, GrubHub this past spring was losing the food-delivery war with DoorDash stealing the show. “For the industry, DoorDash’s pace of share gain is the dominant trend,” reported KeyBanc analyst Andy Hargreaves, March, 2019. DoorDash just recently surpassed Uber Eats as the second-largest food-delivery service in the U.S. after GrubHub. We regularly use all three providers, but with a preference for DoorDash only because of the availability of restaurant choices.

 

What actually was hacked?

The latest report according to Business Insider, detailed that the breach occurred in May and affects some users who started using the DoorDash app before April 5, 2018…. “DoorDash said an unauthorized third party was able to access some users’ profile information, including names, email addresses, delivery addresses, order history and phone numbers.” The article continued to report that the last four digits of some consumers’ credit cards were also accessed, but not full card numbers or CVVs. “For some delivery workers and restaurants, the unauthorized third party accessed the last four digits of bank-account numbers.” DoorDash did announce that the “credit card and banking information is not sufficient to make fraudulent charges or withdrawals.” That gives us a little peace of mind. Maybe.

 

How do you know if you were hacked?

DoorDash reported to Business Insider that it had begun contacting people affected by the data breach and will continue to do so as they become known. The company did recommend that even those who hadn’t been contacted by DoorDash regarding the breach should still change their password immediately to be safe.

 

– If you signed up for DoorDash after April 5, 2018, your data is likely safe. If you can’t recall when you signed up, contact them to find out.

– Check your bank account(s) which are tied to your DoorDash account for fraudulent activity. Hackers count on people not reviewing every item on their credit card and bank statements.

– Contact your identity theft solutions provider immediately and especially if you notice anything “off” in your statement(s).

– Do you use the same password for multiple accounts? We recommend that your passwords are updated on a routine basis and that the same one isn’t used across multiple accounts.

 

Hackers will continue to hack. That is a definite certainty in this day and age. When we set up any type of home delivery, it is unnerving to not be able to trust that they will keep us safe as well as our food. Maybe we all should go back to those home-cooked meals … now, how do you turn the oven on again?

 

Need help? Our Member Services team is here for you 24/7/365. Call us at 888.966.GUARD (4827) or email memberservices@guardwellid.com.

 

References:

Fortune. Morris, Chris. “DoorDash Data Breach: What to Do If Your Account Was Compromised.” September 27, 2019.

Business Insider. Holmes, Aaron. “DoorDash Hack: How to Tell If You’re Affected.” September 26, 2019.