How to Prevent the T-Mobile (or Experian or Target) Breach from Happening Again
T-Mobile recently disclosed that hackers obtained millions of records containing personal information from current and past customers -- details like their addresses, Social Security Numbers, and phone numbers -- that can be used to steal their identities.
Before T-Mobile, there was Experian. And Target. This has happened countless times before, and it will happen again. But it does not have to, with some easy improvements to how we verify a person’s identity.
In the case of the T-Mobile hack, the hackers claim that some of the data they were able to access includes the names, dates of birth, SSNs, driver’s licenses, addresses and phone numbers of current, past, and prospective customers. They’re looking for a buyer and, almost certainly, they will find one or more. These hacks understandably further erode customer confidence in the security of their personal information -- and some will end up the victims of identity theft as the result of these hacks.
What Current and Past T-Mobile Customers Should Do Now
In the short term, consumers should follow the advice of experts: freeze your credit, sign up for credit monitoring, check your bank statements regularly, and more. When possible, people should ask how long their data is stored when signing up for a service, and read their privacy and security policies to better make an informed decision. And when you no longer use a service, close or ask to delete your account (and data), rather than simply leaving it dormant. But those are not always options, and switching providers when you find something concerning certainly is not either.
The Future of Identity Security
Longer term, we need to figure out a better way -- a way to make this data worth less. We can make this data less useful to hackers by making some services require additional verification steps, like requiring a liveness check (also known as a selfie check) and documentary verification when opening new accounts. Consumers and businesses alike can protect themselves from fraud by ensuring that the person applying for an account is both a real live person and that the face on their identity documents matches the face of the real person opening the account.
With Cognito Flow, we make this more secure ID verification easy for both the business and the end user. The added verification steps only take a few extra seconds, and are completed using accurate artificial intelligence without requiring human verification. Requiring these extra pieces of data will reduce fraud dramatically without adding too much friction to the sign up process. And, most importantly, they’re impossible to hack. You can’t buy a liveness check and accompanying physical ID documents on the internet.
By adopting stricter verification standards, we can secure people’s identities with minimal effort and make serious data breaches a problem of the past.