After T-Mobile data found on dark web, Attorney General Ellison urges Minnesotans to protect personal information from identity theft

Millions of personal records recently found for sale on dark web from August 2021 T-Mobile data breach that affected 670K Minnesotans, 53M Americans

March 2, 2022 (SAINT PAUL) — In the wake of millions of Americans’ personal information that was compromised in the massive August 2021 T-Mobile data breach being recently found on the dark web, Minnesota Attorney General Keith Ellison today urged all Minnesotans who believe their personal information was compromised by the T-Mobile data breach to take steps to protect themselves from identity theft. 

Attorney General Ellison has joined forces with a coalition of 48 attorneys general who are investigating the August 2021 data breach of T-Mobile that compromised the sensitive personal information of millions of T-Mobile customers: not only current customers, but past and potential customers of T-Mobile as well. Attorney General Ellison and the coalition are investigating whether T-Mobile violated state privacy and consumer protection laws by failing to appropriately safeguard personal information. 

“Our personal information should be exactly that — personal. When our personal information gets compromised, it hurts our ability to afford our lives and keep ourselves and our families safe,” Attorney General Ellison said. “T-Mobile’s data breach last year was a massive betrayal of Minnesotans’ trust. While almost every attorney general in America and I continue to investigate T-Mobile for this data breach, I strongly urge all Minnesotans who think they may have been harmed by it to take steps to protect themselves and their personal information from identity theft. I want to stress that this includes people who weren’t T-Mobile customers at the time, because the data breach compromised the personal information of former and prospective customers as well as current ones,” Attorney General Ellison continued. 

August 2021 T-Mobile data breach and aftermath 

On August 17, 2021, T-Mobile confirmed a criminal cyberattack on the T-Mobile environment. The data breached in the attack belonged to more than 53 million individuals, including 670,505 Minnesota residents. Millions had their names, dates of birth, Social Security numbers, and driver’s license information compromised, among other personal information. 

In the aftermath of the data breach, T-Mobile offered two years of free identity protection services through McAfee’s ID Theft Protection Service to any person believed to be harmed by the breach. The enrollment for this service has since expired. 

In January of this year, a large subset of the information compromised in the breach, composed of millions of records, was discovered for sale on the dark web — a hidden portion of the Internet where cyber criminals buy, sell, and track personal information. Those individuals who had signed up various identity-theft protection services received alerts from those services informing them that their information was found online in connection with the T-Mobile breach. These alerts confirmed that individuals affected by the T-Mobile breach are at heightened risk for identity theft.  

However, the number of people who received alerts represents less than one percent of the total number of Americans whose personal data were compromised, meaning that people who believe they were affected should take additional steps to protect their personal information. 

How consumers can protect themselves 

Attorney General Keith Ellison reminds Minnesotans that the data breach affected not only current T-Mobile customers, but past customers and potential customers who may have provided T-Mobile with the personal information. He urges anyone who believes they were affected by the T-Mobile breach to take the following steps to protect themselves: