In addition to posting the notice on their website, the company has also begun sending text messages to all impacted customers. Users who had their financial information exposed are directed to a link that includes the following information:
"The personal information accessed could include names and addresses, Social Security numbers, financial account information and government identification numbers, as well as phone numbers, billing and account information, and rate plans and features."
Users whose financial information was not exposed are directed via text message to a different page that bears the message:
"The information accessed may have included customer names and addresses, phone numbers, account numbers, rate plans and features and billing information. Your financial information (including credit card information) and Social Security number were not impacted."
If your financial information was impacted, you should have already received a free two-year subscription to the myTrueIdentity online credit monitoring service. Those whose financial information was not exposed are not being offered anything.
Although nothing about the T-Mobile notification indicates that passwords were impacted, if you received a notification from the company, just to be safe, it would be an excellent idea to reset your password.
This is a good time to issue a general reminder that one of the most common and persistent problems people have in the online world stems from the tendency to use the same password across multiple websites. If that's something you're still in the habit of doing, this is an excellent time to consider a different approach.