Do you use Mint Mobile and did you receive a warning about a data breach? You are not alone and sadly, they are real notifications about a data breach that exposed customers’ personal information.
According to Mint Mobile, customer information that was exposed in the breach includes:
- Telephone number
- Email address
- SIM serial number and IMEI number (a device identifier similar to a serial number)
- A brief description of service plan purchased
Information about the breach was first reported on Reddit by readers and later confirmed by the official Mint Mobile Reddit account. “”If you received a notice via email from [email protected] on December 22, 2023, it is from Mint and is not a scam. The Customer Care number was setup to handle specific questions about this communication,” Mint Mobile said on Reddit.
Thankfully for customers, this breach didn’t include things like Social Security Numbers as Mint Mobile is prepaid and won’t collect this data. Sadly though it did include their personal contact information and SIM number.
Sadly though this data, according to Bleeping Computer, could still be used to conduct “SIM swapping attacks, which is when an attacker ports a person’s number to their own device.”
The last data breach from Mint Mobile came in 2021. This also comes as we learned earlier this month that Comcast suffered a simular massive data breach that also included the last four SSN numbers of Comcast customers.
Data breaches are becoming more common but there are things you can do to protect yourself. Here is a short list of things you can do to protect yourself.
Step 1: Move quickly when informed
A company is obligated to disclose whether the information you’ve supplied to them has been exposed, so keep an eye out for those notifications. Once notified, move quickly. Speed is of the essence when working to protect yourself.
Figure out what information has been exposed. That will help you determine the steps you need to take.
Just keep in mind that while a company needs to disclose that you’ve been involved in a data breach, it may not be so forthcoming with the details.
Step 2: Look at your passwords
If you’re like many people, you tend to recycle passwords across different accounts. It’s an awful practice – but given how many accounts people juggle, it’s understandable why they’ll resort to that. If one of those passwords happens to be one caught up in a breach, a hacker potentially has access to many different accounts and services in your name.
So if you are someone who uses the same password over and over, change them!
Better yet, sign up for a password manager, which will auto-generate different, complicated passwords for all of your different accounts, leaving you to just remember the single password.
But keep in mind that even password managers can be breached, as it did with Lastpass late last year. Bitwarden offers a fairly complete version of its password management software for free, but services like 1Passworld and Dashlane also offer more bells and whistles if you’re willing to pay a premium.
Just know that they’re not immune to attacks (look at Lastpass), so you may need to be prepared to move services if one shows it can’t adequately protect you.
Step 3: Two factor authentication
Adding a second layer of protection onto your most critical accounts is also key. That usually includes two factor authentication, in which you’re sent a second, randomized password or pin number to enter on top of your standard password, further ensuring that you are, indeed, you.
This is a feature offered by all banks and many services, so take advantage of it when possible.
Many offer text message-based multi-factor authentication, but given how easily it is for your cellphone number to get exposed, security experts recommend using an app-based authentication app like Google Authenticator or Authy. For those particularly vigilant, a physical fob like one from Yubikey is the ideal solution.
Step 4: Work with the credit agencies
You can file a fraud alert with the three credit bureaus, Experian, TransUnion and Equifax. That will have the agencies contact you for verification if someone attempts to file a credit application in your name.
Keep in mind the fraud alert only lasts for a year, after which you can manually extend it yourself.
You can also request to freeze or lock your credit, which limits or restricts other businesses from accessing your credit. Keep in mind this can be a hassle if you’re doing something like signing up for internet service, since the freeze will prevent the company from accessing your information.
Step 5: Continue to monitor your credit and accounts
Even after you lock your credit down, you’ll still need to maintain an eye on your different accounts. But sometimes, that can be overly burdensome, and it’s only human nature for that vigilance to fade over time.
You can choose to sign up for a service like Norton LifeLock or American Express’s CreditSecure to keep ongoing tabs on your accounts and passwords. These services keep tabs on whether your passwords or accounts have been exposed, and give you regular updates.