T-Mobile appears to be the victim of a massive data breach, with the hackers looking to sell personal data online for 100 million people.
In a forum post, the hackers say they collected phone numbers, physical addresses, and driver’s license information for the larger group, as well as roughly 30 million Social Security numbers. Motherboard, which first reported the hack, says it has confirmed the authenticity of the data, noting it matches the information of T-Mobile customers.
T-Mobile did not respond to Fortune’s request for comment.
While the initial post does not mention the cellular company, the hackers told Motherboard the data came from T-Mobile.
The asking price for a subset of the personal information (the Social Security and driver’s license data) is six Bitcoin, roughly $270,000. The remainder of the accounts are reportedly being sold privately.
If you’re a T-Mobile customer and are worried about your information being vulnerable, here are a few steps you can take to provide ease of mind.
Step one: Monitor your accounts for fraudulent activity. Most Americans don’t keep close tabs on their checking and saving balance and don’t examine every item on their credit card bill—and hackers count on that.
Step two: Set up credit monitoring to ensure no one is using your personal information. T-Mobile has not yet offered any credit monitoring subscriptions to users. There are several third-party companies that will watch out for you, though, which don’t charge an exorbitant amount.
It’s also not a bad idea to sign up for a credit monitoring service, such as Equifax’s TrustedID Premier (though Equifax had a notable data breach of its own in 2017) or Credit Karma.
Step three: If you’re especially worried about identity theft, consider a credit freeze, which prevents new credit from being issued without your direct permission.
“Your best protection against someone opening new credit accounts in your name is the security freeze (also known as the credit freeze), not the often offered, underachieving credit monitoring,” notes the U.S. Public Interest Research Group.
Step four: Keep an eye on other accounts, especially if you use a shared password for those and you’ve been the victim of a previous data breach.
Step five: It’s time to change your passwords again. Yes, it’s a pain, but it’s a critical step, especially if you’re using the same password on multiple sites.
More tech coverage from Fortune:
- Crypto platform offers $500,000 “bug bounty” to hacker for returning stolen assets
- What are stablecoins? Your guide to the fast-rising alternative to Bitcoin and Ethereum
- Employees may need to keep up “the pretense of working” as automation spreads, says A.I. expert Kai-Fu Lee
- USD Coin is the latest stablecoin to have its stability cast in doubt
- Verizon offers free year of AMC+ to customers, but there’s a catch
Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning.