Wyoming residents whose personal information may have been exposed in a T-Mobile data breach are being advised to change the passwords for their telephone accounts by the leader of a Wyoming group working to reduce cyber crime.
Laura Baker, executive director of Cyber Wyoming told Cowboy State Daily on Friday that the information leaked to the “dark web” could allow leave cell phone accounts vulnerable to being taken over by thieves or “Sim swapping.”
“SIM swapping is when the bad actors call your cell phone carrier pretending to be you,” she said. “They impersonate you with breached information like the T-Mobile personally identifiable information and they combine it with social media information that they found about you online.
“When they contact your phone carrier they say that they broke or lost the old phone and need to register a new one,” she continued. “If successful, they will now get all your texts, which includes the texts you get with codes verifying who you are.”
Nearly 30,000 Wyoming residents were among 53 million current, former and prospective T-Mobile clients affected by the August data breach.
Wyoming Attorney General Bridget Hill’s office said this week that a large amount of the information obtained in the breach was discovered for sale on the dark web, a hidden portion of the Internet where criminals buy, sell and track personal information.
Baker advised anyone affected by the breach to go into their phone carrier account, change their password to something difficult that they have never used before and use any two-factor authentication the carrier recommends.
“Some people even have a super secret email address that they only use for validation of this type, instead of using their phone,” Baker said. “Others use a Google Voice phone number so their real cell phone number isn’t published and they can use anonymity to their benefit. Others use password management software.”
She added there are many creative ways people can protect themselves online, but noted that one of the most important factors is to highly secure phone carrier account with the maximum security controls possible.
“Think of it like your bank account,” she said.
Hill also suggested anyone affected by the breach consider placing a free credit freeze on their credit report and to place a fraud alert on their credit report.
The 21-year-old hacker who claimed responsibility for the data breach told the Wall Street Journal last fall that T-Mobile had unprotected routers and that weak spots in the company’s internet addresses that gave him access to over 100 servers.