Attorney General Bonta Urges Consumers Impacted by 2021 T-Mobile Data Breach to Take Proactive Steps to Protect Their Personal Information

OAKLAND – Attorney General Rob Bonta today, as part of a multistate coalition, issued a consumer alert for those impacted by the August 2021 T-Mobile data breach, which affected 53 million individuals, including over 6 million California residents. On August 17, 2021, T-Mobile reported a data breach compromising the sensitive personal information of millions of current, former, and prospective T-Mobile customers. Among other categories of impacted information, millions had their names, dates of birth, Social Security Numbers, and driver’s license information compromised. Attorney General Bonta urges anyone who believes they were impacted by the data breach to take the appropriate steps to protect their personal information from identity theft and to take advantage of identity protection services. 

“Having your data compromised can be an experience that leaves you feeling vulnerable and scared. I want Californians impacted by the 2021 T-Mobile breach to know that they are not defenseless against identity theft,” said Attorney General Bonta. “I encourage anyone who believes they have had their identity compromised to take advantage of the resources available to help protect them and their personal information. This includes any former and prospective customers who were not necessarily T-Mobile customers at the time of the breach.” 

Recently, a large subset of the information compromised in the breach was discovered for sale on the dark web — a hidden portion of the Internet where cyber criminals buy, sell, and track personal information. Many individuals subsequently received alerts through various identity theft protection services informing them that their information was found online in connection with the T-Mobile breach, confirming the worst: individuals impacted by the breach are at heightened risk for identity theft.

Attorney General Bonta urges anyone who believes they were impacted by the T-Mobile breach to take the following steps to protect themselves from identity theft:

• Monitor your credit. Credit monitoring services track your credit report and alert you whenever a change is made, such as a new account or a large purchase. Most services will notify you within 24 hours of any changes to your credit report.   

• Consider placing a free credit freeze on your credit report. Identity thieves will not be able to open a new credit account in your name while the freeze is in place. You can place a credit freeze by contacting each of the three major credit bureaus:

• Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/; 888-766-0008

• Experian: https://www.experian.com/freeze/center.html; 888-397-3742

• TransUnion: https://www.transunion.com/credit-freeze; 800-680-7289

• Place a fraud alert on your credit report. A fraud alert helps protect you against the possibility of someone opening new credit accounts in your name. A fraud alert lasts 90 days and can be renewed. To post a fraud alert on your credit file, you must contact one of the three major credit reporting agencies listed above. Keep in mind that if place a fraud alert with any one of the three major credit reporting agencies, the alert will be automatically added by the other two agencies as well.

• Additional Resources. If you are a victim of identity theft, contact your local police department or sheriff’s office right away. You may also report identity theft and generate a recovery plan using the Federal Trade Commission’s website at identitytheft.gov. For more information and resources visit the Attorney General’s website at oag.ca.gov/idtheft. 

Attorney General Bonta has made it a priority to protect consumers from all forms of identity theft. Earlier this year, he joined a multistate coalition urging the Federal Communications Commission to stop the flood of illegal foreign-based robocall scams that “spoof” U.S. phone numbers by imposing additional obligations on U.S.-based telecom companies that first receive these calls. In February, he issued out a consumer alert instructing Californians on best practices to prevent identity theft. In October of last year, Attorney General Bonta provided consumers and businesses with tips on how to defend against cybersecurity threats. In November of last year, Attorney General issued a consumer alert warning veterans and their families to be aware of targeted scams and fraud.