Consumers mostly ignore data breaches now. That's because since Target had 40 million customers' personal and credit card data breached back in 2014, there have been so many incidents that the public has become either numb or bored.
The Target attack sent the chain's share price down and scared customers away. Healing the damage and winning customer trust back took significant effort, while later, larger breaches at Home Depot and Equifax were met with lots of news coverage but little consumer impact.
That appears to be the case with the latest data breach involving 2 million to 3 million T-Mobile (NASDAQ:TMUS) customers. All those affected, less than 5% of the company's roughly 75 million wireless customers, received a text message from the company on Aug. 24 alerting them to the breach.
Most people probably glanced at it, deleted it, and gave it very little thought. That's good for shareholders -- the stock only dropped from $65.45 at market open to $65.41 at market close -- but are consumers doing the right thing?
T-Mobile's text message and associated Web post downplayed the seriousness of the attack. The company's messaging made it clear that credit card information was not compromised.
On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities. None of your financial data (including credit card information) or social security numbers were involved, and no passwords were compromised. However, you should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).
The company did not really address how the breach happened. It was also somewhat vague as to the steps it was taking to prevent future attacks, only saying that "we have a number of safeguards in place to protect your personal information from unauthorized access, use, or disclosure." T-Mobile did apologize multiple times and reminded customers that "it's always a good idea to regularly change account passwords."
What should you do?
Because credit card and password information wasn't stolen, customers aren't wrong to mostly ignore this issue. This is a situation where changing your password makes sense but no other action needs to be taken.
In the case of other breaches, however, consumers are making a mistake in ignoring them just because they've become frequent. In general, if you shop at a store or use a service where passwords or credit card information is breached, it's important to be proactive and do the following things:
- Monitor your accounts looking for charges you didn't make. If you see one, alert your bank immediately.
- Change your passwords -- not just on the affected account but also on any others that use the same password.
In general, it's a good idea to audit your accounts regularly. Look at all bank and credit card statements for purchases you may not have made. Sometimes thieves make very small charges that are easy to overlook. Be vigilant and question anything that doesn't make sense.
The T-Mobile data breach may not have been a cause for alarm. That doesn't mean breaches should be ignored. Instead, this should be a wake-up call that just because something bad happens frequently and seems to not affect you doesn't mean you should let your guard down.