Using a vulnerability found on the official Samsung website, hackers were able to infiltrate a customer database for a major American mobile brand. The breach was so bad, in fact, that hackers obtained a vast amount of personal data from the attack —  including account settings, phone numbers, and even home addresses! With news in the air nearly every week regarding a data breach or cyberattack, it’s high time that journalists and tech researchers acknowledged that these events aren’t outliers — they’re the new normal! Read on to learn how one of the nation’s top carriers fell victim to this massive hack, as well as what you can do to secure your account if you’re a customer.

How did one faulty webpage lead to a major data breach for Sprint?

According to a letter that Sprint corporate is sending to affected customers, a major security breach occurred around June 22 of this year that resulted in the theft of personal data for a large number of customers. The company hasn’t explicitly stated how many have been affected, nor the exact timeline of the breach, but have confirmed that the risk of identity theft from the incident is low. Using a vulnerability found on the “Add a line” page on Samsung’s official website, hackers were able to access a database of information regarding Sprint customers. The information accessed during the breach is extremely personal and includes data points like device type, monthly charges, first and last name, personal phone number, and home addresses. Although Samsung says the risk of identity theft is low, these are still highly personal pieces of information that could easily lead to criminal activity like stalking, harassment, or blackmail via social engineering. These are not unusual tactics for dedicated cybercriminals, and with access to the stolen data, it’s not hard to imagine them taking full advantage of the situation.

I’m a Sprint customer! How can I protect myself and my data?

If you’re a Sprint customer, the above news may be alarming — but don’t worry. In its letter, Sprint claims it was able to successfully rescue all of the compromised accounts by resetting each account’s user PIN. Without this key, hackers cannot harness the information they’d need to continue their activities. It’s currently unknown how much time passed between the breach and Sprint resetting user PINs, but for those who are concerned Sprint is offering free credit reports and options for affected users to close their accounts if they wish to do so. If you’re happy with your Sprint service and wish to continue using it, the company is advising customers to reset the new PIN they applied to a personal one. This makes it easier for customers to access their accounts and provides an additional layer of protection against hackers. Aside from this step, however, there isn’t much that customers need to do on Sprint’s end to protect themselves further. On the personal end of things, however, it is advisable to follow Sprint’s instructions and check out your free credit report just in case. This will allow you to catch any changes that may have been made to your account fraudulently, such as a new line of credit opened in your name. Since hackers never rest, it’s up to everyone to keep tabs on their personal data and do their best to keep it from falling into the wrong hands. But with tech companies we depend on letting us down so often on data security, will that even be enough?