The number of users whose personal information might have been compromised in a recent cyber attack of T-Mobile has climbed to 53 million, as the telecommunication company is hit by a pair of class-action lawsuits.

T-Mobile announced Friday it had discovered that another 5.3 million current customers and  667,000 former customers also had their information stolen.

The wireless carrier is now up against two class action lawsuits filed by upset customers. Both lawsuits accuse T-Mobile of violating the California Consumer Privacy Act which allows any Californian the right to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. One of the lawsuits also accuses T-Mobile of violating the Washington State Consumer Protection Act for having poor data security.

According to the lawsuit, the plaintiffs and the class action members contend their identities are at risk because of neglect on the part of T-Mobile. The plaintiffs are also concerned with the monetary costs and the “time spent mitigating the effects of the Data Breach, including time spent dealing with actual or attempted fraud and identity theft.”

The information stolen from the customers includes names, addresses, dates of births, phone numbers, social security numbers, driver’s license information and other sensitive data such as the International Mobile Equipment Identity (IMEI) numbers that serve as a phone’s digital fingerprint.. T-Mobile says that the information stolen from the additional customers did not include social security numbers and driver’s license information.

T-Mobile does not believe that customers had their financial information, credit card information, debit, or other payment information stolen in the attack.

T-Mobile reset the PINs associated with these accounts and is also offering additional protection services like McAfee’s ID Theft Protection Service and Account Takeover Protection capabilities for all customers.

“We are continuing to take action to protect everyone at risk from this cyber attack, including those additional persons we recently identified,” the company said in a statement. “We have sent communications to millions of customers and other affected individuals and are providing support in various ways.”

T-Mobile originally became aware of the data breach after hackers posted in an underground forum, Vice’s Motherboard first reported.

The seller of the information is asking for six bitcoins, worth about $297,279 as of publishing, for 30 million social security numbers and driver’s licenses, according to Motherboard. The seller is privately offering the rest of the breached information.

T-Mobile creates Web Page With Up-To-Date Information And Remedies

T-Mobile has created a web page with up-to-date information and remedies for consumers. The page does not offer a way to determine whether your account is one of those affected by the breach.

How To Protect Yourself

There’s no easy way to prevent a thief from using your Social Security number or your driver’s license number, but there are things you can do to limit the impact of having such personal info exposed to criminals.

Freeze your credit. That makes it difficult for identity thieves to open new accounts in your name. It requires contacting each of the three major credit bureaus: Equifax, Experian, and TransUnion.

Because of the ongoing COVID-19 crisis, the bureaus are offering free weekly credit reports through April 20, 2022. Before the pandemic, each offered a single free report annually and charged $20 for additional reports.

You’ll need to lift the freeze temporarily when you want to give a company access to your credit information—say, if you’re applying for a credit card or a car loan, or you want to rent an apartment.

Beef up your password game. While password information doesn’t seem to have been affected by the T-Mobile breach, the company is suggesting that customers change their passwords by logging in to their accounts or calling customer service by dialing 611 on their cell phones, although as of the morning of Friday, Aug. 20, the wait to talk to a representative was 45 minutes.

While using a different password for each account is one of the basic principles of digital security, if you sometimes recycle passwords, you should also change the passwords on other accounts that have the same credentials used on your T-Mobile account.

This might also be a good incentive to start using a password manager, a service that helps you create and store unique, complex passwords for each of your accounts.

Use multi-factor authentication. In addition to using strong, unique passwords for every online account, it’s also smart to set up multi-factor authentication, often called two-factor authentication.

When you turn on MFA, which is available for financial sites, social media sites, and many others, you need your password plus a second form of ID to log in. That way, if thieves get your password, they still won’t be able to access your account. The most common way to use MFA is probably to have the site send you a text message with a code that you enter into a pop-up box, but security experts say it’s better to use a smartphone app or physical security key.

Delete unused accounts. Any data breach can serve as a reminder that the more digital accounts you have, the greater the risk of your data being misused or stolen. You obviously can’t delete your cellular account, but you can take some time to locate other accounts that you haven’t used in years. Begin by typing your usernames, old and new, into a search engine and looking for combinations of your name and email address. You can also look for phrases such as “welcome to” or “new account” in your inbox, or look for saved log-ins in your search engines.

For more information on enhancing your digital security, use the CR Security Planner, a free tool that can help you create and save a personalized to-do list.

Tags: Hacked   Personal Identifying Information   TMobile