Last week we saw the mobile phone carrier T-Mobile fall victim to cybercriminal activity when a hacker accessed the personal data of their users. They learned of the breach via claims that were made on an online forum. This led to an investigation and hiring of cybersecurity experts to help with the situation.
They have not been able to confirm at this time whether financial information was compromised, but have confirmed the following data was breached:
- Driver’s license numbers
- Government identification numbers
- Social Security numbers
- Dates of birth
- T-Mobile PINs
As a result of this breach, experts were hired – at expert-level salaries, press-releases were written, web pages needed to be created with all the information that users would need, additional customer service channels needed to be established to answer questions, identity monitoring needed to be made available to all individuals affected, and much more. This not only took the existing workforce away from their jobs, it required additional hiring of people and resources to accommodate the influx of calls. And this had to be done while simultaneously addressing any reputational damage that occurred as a result of the breach.
If this happened to your clients, who likely have a much smaller pool of resources than T-Mobile, they would have likely been turning to one person for help, and one person to blame. You, their MSP.
So, what can you do? You’ll want to take this as an opportunity to remind your clients about strong cybersecurity practices. This also brings to light the importance of cyber insurance in helping businesses recover from a data breach; but it should be made clear that cyber insurance is not an alternative to strong cybersecurity best practices. Additionally, if you have any clients that are using this mobile carrier, they’ll want to take immediate action to protect their accounts.
Remind them to:
- Change their password on their T-Mobile account and any other account that would share that password. Moving forward, don’t use the same password for multiple accounts!
- Always use two-factor authentication. This second way of verification may seem cumbersome initially, but it will save you much more work in the event of a data breach.
- Clean up your digital footprint. Old accounts may have the same password as this breached account. Even if you don’t use it, it may link the hacker to valuable information about you that can be cross-referenced to enable them to steal more of your data or identity!
- Enable credit monitoring and freeze your credit. This prevents any new accounts from being opened.
These steps, along with being diligent about looking at usage on your credit card accounts or bank statements will be important in the effort to mitigate any damage done by this breach. While the effort should be ongoing, when a large breach like this occurs, it’s even more critical to take immediate action.