T-Mobile's widely publicized data breach -- involving the theft of around 50 million people's Social Security numbers and other sensitive information -- is raising new concerns about companies' data-retention practices.
This week, T-Mobile confirmed that hackers had obtained full names, birthdates, Social Security Numbers and driver's license information for more than 40 million former or prospective customers, as well as 7.8 million current customers.
The telecom collects that information when running credit checks of people who apply for post-paid accounts.
T-Mobile also said hackers obtained names, phone numbers and account PINS for around 850,000 prepaid customers.
The incident marks at least the third data breach for T-Mobile in the last four years.
The watchdog Free Press is calling on federal officials to investigate the telecom, and for lawmakers to crack down on the collection and retention of sensitive data.
“If companies need to conduct a credit check, and they need the Social Security number to do that, that information should be collected in an encrypted fashion, and not stored,” Free Press research director S. Derek Turner says.
“It's flabbergasting that T-Mobile kept Social Security numbers of people who were no longer even customers of theirs,” he adds. “No business should ever retain a Social Security number.”
The organization is calling for regulators to investigate T-Mobile, and for the use of sensitive data like Social Security numbers to be "strictly regulated."
For years, privacy advocates have argued that companies should be required to shed data after it's no longer needed for the purpose for which it was collected.
T-Mobile says it plans to offer two years of free McAfee ID theft protection to people “who may be at risk," due to the hack.
News of the data breach surfaced over the weekend, when Motherboard reported that hackers were attempting to sell the data. The publication said one seller sought around $270,000 in bitcoin for 30 million Social Security numbers and driver licenses obtained from T-Mobile.