After T-Mobile data found on dark web, Attorney General Ellison urges Minnesotans to protect personal information from identity theft

Millions of personal records recently found for sale on dark web from August 2021 T-Mobile data breach that affected 670K Minnesotans, 53M Americans

March 2, 2022 (SAINT PAUL) — In the wake of millions of Americans’ personal information that was compromised in the massive August 2021 T-Mobile data breach being recently found on the dark web, Minnesota Attorney General Keith Ellison today urged all Minnesotans who believe their personal information was compromised by the T-Mobile data breach to take steps to protect themselves from identity theft. 

Attorney General Ellison has joined forces with a coalition of 48 attorneys general who are investigating the August 2021 data breach of T-Mobile that compromised the sensitive personal information of millions of T-Mobile customers: not only current customers, but past and potential customers of T-Mobile as well. Attorney General Ellison and the coalition are investigating whether T-Mobile violated state privacy and consumer protection laws by failing to appropriately safeguard personal information. 

“Our personal information should be exactly that — personal. When our personal information gets compromised, it hurts our ability to afford our lives and keep ourselves and our families safe,” Attorney General Ellison said. “T-Mobile’s data breach last year was a massive betrayal of Minnesotans’ trust. While almost every attorney general in America and I continue to investigate T-Mobile for this data breach, I strongly urge all Minnesotans who think they may have been harmed by it to take steps to protect themselves and their personal information from identity theft. I want to stress that this includes people who weren’t T-Mobile customers at the time, because the data breach compromised the personal information of former and prospective customers as well as current ones,” Attorney General Ellison continued. 

August 2021 T-Mobile data breach and aftermath 

On August 17, 2021, T-Mobile confirmed a criminal cyberattack on the T-Mobile environment. The data breached in the attack belonged to more than 53 million individuals, including 670,505 Minnesota residents. Millions had their names, dates of birth, Social Security numbers, and driver’s license information compromised, among other personal information. 

In the aftermath of the data breach, T-Mobile offered two years of free identity protection services through McAfee’s ID Theft Protection Service to any person believed to be harmed by the breach. The enrollment for this service has since expired. 

In January of this year, a large subset of the information compromised in the breach, composed of millions of records, was discovered for sale on the dark web — a hidden portion of the Internet where cyber criminals buy, sell, and track personal information. Those individuals who had signed up various identity-theft protection services received alerts from those services informing them that their information was found online in connection with the T-Mobile breach. These alerts confirmed that individuals affected by the T-Mobile breach are at heightened risk for identity theft.  

However, the number of people who received alerts represents less than one percent of the total number of Americans whose personal data were compromised, meaning that people who believe they were affected should take additional steps to protect their personal information. 

How consumers can protect themselves 

Attorney General Keith Ellison reminds Minnesotans that the data breach affected not only current T-Mobile customers, but past customers and potential customers who may have provided T-Mobile with the personal information. He urges anyone who believes they were affected by the T-Mobile breach to take the following steps to protect themselves:  

• Monitor your credit. Credit-monitoring services track your credit report and alert you whenever a change is made, such as a new account or a large purchase. Most services will notify you within 24 hours of any change to your credit report. More information about monitoring your credit report and disputing fraudulent or inaccurate information is available on the Attorney General’s website.
• Consider placing a free credit freeze on your credit report. Identity thieves will not be able to open a new credit account in your name while the freeze is in place. You can place a credit freeze by contacting each of the three major credit bureaus:  
  • Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze, (888) 766-0008 
  • Experian: https://www.experian.com/freeze/center.html, (888) 397-3742 
  • TransUnion: https://www.transunion.com/credit-freeze, (800) 680-7289 
  • More information about freezing your credit report is available on the Attorney General’s website. 
    
• Place a fraud alert on your credit report. A fraud alert tells lenders and creditors to take extra steps to verify your identity before issuing credit. You can place a fraud alert by contacting any one of the three major credit bureaus. More information about placing a fraud alert on your credit reports and taking other steps to combat identity theft is available on the Attorney General’s website.
• Contact the Attorney General’s Office for help or to file a complaint. You may also contact the Attorney General’s Office for help by submitting a complaint online or by calling the Attorney General’s Office at (651) 296-3353 (metro area), (800) 657-3787 (Greater Minnesota), or (800) 627-3529 (Minnesota Relay).
• Visit the Minnesota Attorney General’s Office website for more tips. You may access the Minnesota Attorney General’s website for tips and publications on safeguarding your personal information and protecting yourself from identity theft. 
• Additional Resources. If you believe you are a victim of identity theft, visit the Federal Trade Commission’s dedicated website identitytheft.gov for assistance on how to report it and recover from it.