A security breach at T-Mobile US Inc. exposed the personal data of more than 40 million customers, but analysts do not expect consumers to hang up on the wireless carrier.
T-Mobile said Aug. 18 that a subset of company customer data had been accessed by unauthorized individuals. This subset included just over 40 million records of former or prospective customers who had previously applied for credit with the carrier, as well as 7.8 million current T-Mobile postpaid customer accounts' information. While no customer financial information, including credit or debit card numbers, appears to have been breached, some of the data accessed did include customers' first and last names, dates of birth, social security numbers and driver's license information.
The latest attack comes after T-Mobile reported two security breaches in 2020. In March 2020, T-Mobile alerted customers that hackers accessed some customer data and employee email accounts. Several months later, the company reported another incident that compromised customer account information but did not include credit card numbers, social security numbers, tax IDs, passwords or pins.
Even though the August 2021 breach could potentially negatively impact a hefty chunk of the 104.8 million customers that T-Mobile ended the second quarter with, some analysts think customers will likely view it as an unfortunate reality of having a cell phone, and not a reason to switch carriers.
Even though T-Mobile has endured some of the industry's most recent notable data breaches, that does not mean its competitors — Verizon Communications Inc. and AT&T Inc. — are immune to similar attacks, said Recon Analytics analyst Roger Entner, whose research focuses on the wireless experience. He does not expect net adds or churn at T-Mobile to suffer from this one event.
"In reality, most people aren't negatively affected enough to consider changing providers or getting rid of their cell phones. It's just an assumed risk," he said.
Jeff Moore, principal at Wave7 Research, a firm that analyzes competition in the telecom industry, also thinks this is not just a T-Mobile problem, but an industry issue.
"When T-Mobile has had issues in the past, the company has generally handled things in a straightforward way. I don't see much customer impact from this," Moore said.
Data from 451 Research's "Voice of the Connected User Landscape: Connected Customer, Trust and Privacy" survey, however, shows some consumers rethink their relationship with a business if it suffers a data breach that exposes the consumer's data. Among respondents who had been notified that they were affected by the breach, nearly 1 in 5 respondents reduced business with the company that was breached. About 15% canceled their accounts and switched to new providers.
The breach could make customers more susceptible to phishing scams that seem realistic to customers because the hacker is able to create targeted schemes with personal data, Entner said. Entner noted that multifactor authentication systems, which are commonly used by online banking services, are the best defense companies have against these scams.
T-Mobile said it will begin offering an extra step to protect mobile accounts with "Account Takeover Protection capabilities" for postpaid customers, which will make it harder for customer accounts to be fraudulently ported out and stolen.