Sprint, an American mobile telecom provider, has proactively reset their customers’ account PIN following a data breach that has affected an “unknown” number of accounts.
In a letter sent by Sprint to its customers, Sprint said that the data breach could have affected any account, so they are resetting everyone’s PIN as part of a safety mechanism to mitigate the effects of the data breach.
“Your account PIN may have been compromised, so we reset your PIN just in case in order to protect your account,” reads the notification letter sent by the telecom provider to its users.
According to the company, their team was informed, on June 22nd, of a data breach that allowed a threat actor to gain unauthorized access to their user’s accounts by exploiting an unpatched vulnerability in Samsung’s website “add a line” feature. The “add a line” feature in Samsung.com allows Samsung users to connect their mobile line (including that availed from Sprint) to their Samsung devices.
Sprint, a Kansas-based telecom network founded in 1899 in Abilene, Kansas, claims that they have a total of 54.5 million as of March this year. According to the letter sent by the company to its users, it is still unclear how many of the millions of their users are affected by the breach.
The leak, as stipulated by their notification to customers, includes users’ personal information such as phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address, and add-on services. Nonetheless, Sprint clarified that no sensitive information that could cause serious identity theft, and fraud was accessed by the hacker/s.
“We take this matter, and all matters involving Sprint customer’s privacy, very seriously,” assures the company to its users.
As of June 25th, the company has said to have “re-secured” their users account and they have taken appropriate measures to protect their users from any untoward fraud and malicious attacks against their identities.
“Sprint has taken appropriate action to secure your account from unauthorized access and has not identified any fraudulent activity associated with your account at this time. Sprint re-secured your account on June 25, 2019, with the following notification to your Sprint phone device: Your account PIN may have been compromised, so we reset your PIN just in case in order to protect your account,” they wrote in the letter.
Furthermore, the same letter includes different mitigation procedures that users can do in order to protect themselves from malicious attacks. The company also urges its users to follow the protocols set by the Federal Trade Commission to help secure their identities.
“As a precautionary measure, we recommend that you take the preventative measures that are recommended by the Federal Trade Commission (FTC) to help protect you from fraud and identity theft. These preventative measures are included at the end of this letter. You may review this information on the FTC’s website at www.ftc.gov/idtheft and www.IdentityTheft.gov or contact the FTC directly by phone at 1-877-438-4338 or by mail at 600 Pennsylvania Avenue, NW, Washington, DC 20580,” they added.
What to do to protect yourself after the data breach?
Place a fraud alert on your credit reports, and review your credit reports.
As part of Sprint’s effort to help their customers protect themselves, they are encouraging their users to contact at least one of the three toll-free fraud alert company below. A user only needs to contact one company as whoever they chose to contact is legally required to submit the fraud alert report to the other two.
TransUnion Fraud Victim Assistance P.O. Box 2000 Chester, PA 19016
1-800-465-7166 Equifax Information Services LLC P.O. Box 105069 Atlanta, GA 30348-5069
Experian PO Box 9701, Allen, TX 75013
“Once you place the fraud alert in your file, you’re entitled to order one free copy of your credit report from each of the three consumer reporting companies. If you find fraudulent or inaccurate information, get it removed,” the company advised.
Other steps to protect yourself include:
- Close the accounts that you believe have been tampered with or opened fraudulently.
- File a report with your local police or the police in the community where the identity theft took place.
- Visit the Federal Trade Commission’s Identity Theft website, IdentityTheft.gov, or for more information on reporting and recovering from identity theft.
- Contact your state’s Attorney General or Consumer Protection Agency for more information on reporting and recovering from identity theft.