
D A V I S / N O R R I S

Our Most Important Case is Yours


Data Breach Investigations

Identity Theft in 2021 was 23% Higher than All-Time High

This is according to a recent report by the Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime. Similarly, the number of data events involving sensitive personal information like SSNs increased from 80% to 83% in the same period. However, they remained below the record high of 95% set in 2017.

Although the number of victims (293,927,708) fell by 5% in 2021, the researchers described the number as “excessively high.” They attributed the small reduction to cybercriminals focusing on specific data types instead of conducting mass breaches.

What to do if you get a Data Breach Notice

CyberScout suggests the following:

1. Read the notice carefully to learn what information may have been exposed and how. (Keep the notice in case you ever need to prove that your data was compromised through no fault of your own.)

2. Review the breached account. Identify what information it contained and what was compromised. Look for unauthorized activity, such as a change in address or telephone number.

3. Know exactly what’s at risk. If it’s debit or credit card numbers only, there’s a good chance someone will try to use them. On the upside, exposure is limited and, if your bank thinks the risk is high, it will automatically reissue new cards (effectively shutting down the identity thief). Degree of risk gets stickier when data like Social Security numbers, birth dates, and addresses are stolen. This information has a long shelf life and can be traded internationally among organized criminals. It’s valuable because, unlike a single credit card number, it can spawn dozens of new accounts. While it’s less likely to be used than a single stolen credit card number (which requires much less time and work), potential damage to your good name is greater.

4. If you’re offered a year of free credit monitoring, take it.

5. Pay extra attention to your account and billing statements. Check for charges that aren’t yours.

6. Check your credit report and watch for other fraud. After about 30 days (long enough for fraudulent activity to show up), log on to annualcreditreport.com to get a free copy of your credit report from each of the three major credit bureaus. Look for any unusual activity. Investigate suspicious activity and stay on top of it until the matter is resolved. Also, look for signs of fraud in your medical files, on your Social Security statement, in insurance claims, or in public records.

7. Change all user access credentials. If you use the same passwords for other financial institutions, change them. Watch financial statements—on paper and online—for unauthorized transactions. Be aware of potential email, phone and snail-mail scams. Enable text and email alerts when possible.

8. Notify existing creditors of the breach. Consider canceling your cards and getting new ones. Take advantage of issuers’ services that alert you to unusual transactions.

9. Place a fraud alert on your credit file. An alert placed with any one of the three major credit bureaus signals to potential creditors that you could be a victim of identity theft.

But Most Importantly – Contact Davis & Norris if you have been the Victim of a Data Breach

All contact information you provide us is saved in our system. Davis & Norris will never share your information with other law firms or marketing companies.

Current Data Breaches Davis & Norris is Pursuing:

T-Mobile Blames Bad Actor for Data Breach

On August 17th, 2021, T-Mobile stated on one of its websites that “[l]ate last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems.”

T-Mobile, in an update to that post, states “[w]e have sent communications to millions of customers and other affected individuals and are providing support in various ways. This includes:

  • Offering two years of free identity protection services with McAfee’s ID Theft Protection Service to any person who believes they may be affected
  • Recommending that all eligible T-Mobile customers sign up for free scam-blocking protection through Scam Shield
  • Supporting customers with additional best practices and practical security steps like resetting PINs and passwords
  • Publishing a customer support webpage that includes information and access to these tools at https://www.t-mobile.com/brand/data-breach-2021.”

The website identified in the last bullet point appears to be down as of August 23rd, 2021.

What Data was Exposed and How Many were Affected?

T-Mobile states the following information was exposed:

  • First and Last Names
  • Dates of Birth
  • Social Security Numbers
  • Driver’s License and ID card information, and
  • IMEI and IMSI information – identifier numbers associated with a mobile phone

One report states that the T-Mobile data breach exposed the personal info of more than 47 million people. According to a T-Mobile website, over 40 million of those exposed are former or prospective T-Mobile customers. The rest are current customers, including prepaid customers.

What Should You Do?

Multiple class action lawsuits have been filed concerning T-Mobile’s data breach. If you are included in the class definition for one of these lawsuits, then you can wait for the outcome of it and receive whatever is determined by either judgment or settlement.

However, the California Consumer Privacy Act grants consumers a limited private right of action against the unauthorized access and exfiltration, theft, or disclosure of certain types of personal information, including the right to seek statutory damages.

The attorneys of Davis & Norris have brought thousands of individual claims in arbitration. In most cases, whatever you recover in arbitration is yours to keep. Typically, our fees are submitted and paid separately from the amounts we recover for our clients. Additionally, arbitration offers an expedited means to get resolution of a legal claim versus litigation through the court system.

How do I sign up with Davis & Norris?

To determine if you qualify for our case, please answer a few questions below and a member of our team will evaluate your potential claims against T-Mobile.

Davis & Norris never sells your information to third parties for solicitation purposes.

Why is this Data Breach Unique?

As a recent article by Wired states, unfortunately “there’s… the reality that most people’s data has been leaked at some point or another.” This can potentially lead to individuals not caring as much when a data breach is announced.

The T-Mobile Data Breach is one that you absolutely must pay attention to, because “the breach offers potential buyers a blend of data that could be used to great effect, and not in ways you might automatically assume.”

The article goes on to explain a few scenarios:

““This [Data Breach] is ripe for using the phone numbers and names to send out SMS-based phishing messages that are crafted in a way that’s a little bit more believable,” says Crane Hassold, director of threat intelligence at email security company Abnormal Security. “That’s the first thing that I thought of, looking at this.”

Yes, names and phone numbers are relatively easy to find. But a database that ties those two together, along with identifying someone’s carrier and fixed address, makes it much easier to convince someone to click on a link that advertises, say, a special offer or upgrade for T-Mobile customers. And to do so en masse.

The same is true for identity theft. Again, a lot of the T-Mobile data is out there already in various forms across various breaches. But having it centralized streamlines the process for criminals—or for someone with a grudge, or a specific high-value victim in mind, says Abigail Showman, team lead at risk intelligence firm Flashpoint.

And while names and addresses may be fairly common grist at this point, International Mobile Equipment Identity numbers are not. Because each IMEI number is tied to a specific customer’s phone, knowing it could help in a so-called SIM-swap attack. “This could lead to account takeover concerns,” Showman says, “since threat actors could gain access to two-factor authentication or one-time passwords tied to other accounts—such as email, banking, or any other account employing advanced authentication security feature—using a victim’s phone number.”

That’s not a hypothetical concern; SIM-swap attacks have run rampant over the past several years, and a previous breach, which T-Mobile disclosed in February, was used specifically to execute them.”

Lawyers of Davis & Norris, LLP are admitted in Alabama, California, and Tennessee. Where necessary, Davis & Norris, LLP may associate attorneys licensed in your jurisdiction, or refer your potential claim to a licensed attorney in your jurisdiction at no added cost to you. Davis & Norris, LLP does not take cases in all jurisdictions. This is an attorney advertisement. Contacting an attorney, especially by insecure electronic means, does not by itself create an attorney-client relationship and may not be confidential. The choice of a lawyer is an important decision and should not be based solely upon advertisements. Images contained in advertisements or our website (except those on attorney pages) are stock footage obtained from internet sources, and do not depict actual lawyers or clients. At least one attorney on any advertisement is responsible for its content. No representation is made that the quality of legal services to be performed is greater than the quality of legal services performed by other lawyers.