Consumer Alert: T-Mobile confirms it was hacked. Here’s what you should do.

ROCHESTER, N.Y. (WHEC) — Monday’s consumer alert potentially affects more than 100 million Americans, and I’m one of them. Not only was I investigating reports of a massive data breach, but I also was taking steps to protect my own credit. If you’re a T-Mobile customer, you may want to take steps as well.

Vice News broke the story Sunday. It found an underground forum where a hacker claimed they were selling the Social Security and driver’s license numbers of 30 million people. They were asking for 6 Bitcoin, which is about $270,000, and they said the data was just part of the personal information they’d stolen from more than 100 million T-Mobile users.

The hacker claimed they got the motherload, including your name, address, phone number, Social Security number, and driver’s license number.

In a statement released Monday, T-Mobile confirmed hackers gained access to the telecom giant’s systems but are still working to determining if any personal customer data was stolen.

"We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved," the statement read in part. "We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others."

Remember, T-Mobile and Sprint have merged. So, are Sprint customers potentially affected as well? As you can see, T-Mobile didn’t address that question.

Here’s what you need to do to protect yourself. You need to make sure that no one can borrow money using your identity, so you have a few choices.

• A Fraud Alert. It’s free. It makes companies verify your identity before opening a new line of credit in your name. It’s easy. All you have to do is contact one of the three credit bureaus and that bureau must then contact the other two. A fraud alert usually expires in one year.
• A Credit Lock. It’s free with Transunion and Equifax, but Experian charges a monthly fee. Unlike a freeze, it’s not governed by federal law. It’s essentially an agreement between you and the credit agency. It’s easy to set up and cancel; usually, it can be done with an app. It may be an easier option if you anticipate needing to make a big purchase or borrow money in the near future.
• A Credit Freeze. By federal law, the bureaus must freeze your credit within 24 hours of your request and unfreeze it in an hour. You must contact all three agencies to freeze your credit with each bureau.

Consumer Reports recommends freezing your credit rather than locking it because it offers you federal protections if someone opens a line of credit in your name.

For that reason, I’ve chosen a credit freeze. All of these options have pros and cons; the only bad option is to do nothing. And remember, you need to take action with all three bureaus: Experian, Equifax and TransUnion. Freezing your credit with one agency and not the others is like locking your front door but leaving the back door wide open. Don’t procrastinate.

This cybersecurity incident is potentially a bad one if the hacker has our Social Security and driver’s license numbers. Click on the links above for the three credit bureaus and take action today.