If you’re a T-Mobile customer, you may want to put a fraud alert on your credit file and keep an eye on your wireless account. Last Saturday, someone posted a message on a hacker site claiming to have breached T-Mobile’s servers, thereby accessing “everything, their databases, confidental [sic] documents, scripts and programs from their servers, financial documents up to 2009.” At first, T-Mobile vehemently denied there had even been a breach, let alone that customers’ data was in danger. But yesterday, they issued a new statement confirming the security breach. The company’s statement says, in part:
Regarding the recent claim on a Web site, we’ve identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers.
Ok, so the possession of that document alone isn’t enough to cause harm. But just because the hacker only posted one document doesn’t mean he doesn’t have others. And if he does have others—and he claims he does—is what he has enough to harm T-Mobile’s customers? And if what the hacker gained access to was enough to harm customers, would the company really say so in a public statement? T-Mobile says it’s investigating, but isn’t saying much more than that:
At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible.
In this age of Internet commerce, electronic transactions, data mining, and identity theft, better to be safe than sorry. I have no doubt the company will inform customers if they find personal information has been compromised. In fact, they’re required by law to do so. But if I were a T-Mobile customer, I wouldn’t wait around to see whether my information was safe or not.