Consumer Alert: T-Mobile confirms it was hacked. Here’s what can do today to protect your identity and your sanity.

ROCHESTER, N.Y. (WHEC) — Today’s consumer alert concerns the possible exposure of my Social Security number and yours as well if you’re a T-Mobile customer.

Today I updated two-factor authentication on every sensitive website I visit, including my bank, shopping websites, and PayPal. That’s because my name, address, phone, social security and driver’s license numbers could be for sale on the dark web.

That’s what we learned this weekend when journalists with Vice News were searching an underground forum and found a hacker selling the personal information of T-Mobile customers.

So what does T-Mobile have to say about all this? The company now acknowledges that it was hacked, but it’s still investigating whether customers’ personal information was stolen. But I’m not waiting for T-Mobile to finish its investigation. If there is any possibility that much personal data about me is for sale to the highest bidder, I’m taking steps now to protect myself. And so should you.

And here’s another reason why: Journalists with Vice News reported another important piece of data about us was in that mountain of stolen information, our unique IMEI numbers. That stands for International Mobile Equipment Identity. It’s a unique number tied to your phone and your phone only.

And if thieves have our unique identifiers, security experts say it may make it easier for them to do something called a SIM swap, a crime that’s become prevalent in recent years.

Your SIM card is that small plastic chip that tells your phone which number to use and which cellular network to connect to. In a SIM swap, thieves essentially steal your phone number by transferring your number from your SIM card to theirs.

You know when it happens because your phone suddenly stops working. Think about the number of accounts tied to your phone number like your bank, your email and your social media accounts. And any two-factor authentication codes that are usually sent to you via text message are now going to the thief.

That’s why I was changing the two-factor authentication security feature on all my accounts. Now those codes go to my authentication app instead.

Here’s how it works. To access my accounts, I have to provide not only my password but also a code sent to me through an authentication app.

So if my phone number is hijacked, I can still access my accounts using this security feature.

According to PC Magazine, here are some of the best apps:

• Twilio Authy
• Duo Mobile
• Lastpass authenticator
• Microsoft authenticator

All four of these apps encrypt and back up your account information so if you lose your phone, you can still access your accounts.

And lastly, change your password and PIN with T-Mobile.

I know it’s a lot. But there’s a reason Wired Magazine is saying quote “The T-Mobile data breach is one you can’t ignore.”

And if what is being reported is true, we can’t afford to wait for word from T-Mobile. We need to protect ourselves now.