Mobilelink Data Breach Affects 40k: SSNs Exposed

Mobilelink, a major wireless retailer based in Sugar Land, Texas, disclosed a data breach that exposed sensitive personal information of consumers. The company, formally operating as Master Mobilelink LLC and Mobily LLC, is one of the largest brick-and-mortar wireless retailers in the United States and the largest authorized retailer for Cricket Wireless.

A total of 40,174 individuals were impacted as a result of this breach. This number includes 12,201 Texas residents, 1,180 Indiana residents, 18 Massachusetts residents, and three New Hampshire residents.

Additionally, the breach was disclosed to the Vermont Attorney General.

What happened in the Mobilelink data breach

On Dec. 2, 2025, DragonForce posted a claim on the dark web using the Tor network, which is a part of the internet not accessible through standard web browsers and often used by cybercriminals.

In its posting, DragonForce stated it had obtained 5.04 terabytes of data from Mobilelink's systems. The group threatened to publish the stolen data within seven to eight days.

The dark web posting appeared approximately four months before the breach was formally disclosed to regulators.

The types of personal information exposed in the breach included names, Social Security numbers, financial information (such as account numbers and credit or debit card numbers) and dates of birth.

Mobilelink's response to the breach

Mobilelink is notifying affected individuals of the breach through letters sent by U.S. Mail. Consumers who may have been affected should watch their mailboxes for a notification letter from the company and read it carefully for important information.

Because of the severity of the exposed data, anyone who receives a notification letter from Mobilelink should treat it as a high priority and take protective steps right away.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert on your credit file. Contact Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to restrict access to your credit reports and help prevent new accounts from being opened in your name.
• Review your credit reports for unfamiliar activity. Request free copies of your credit reports at AnnualCreditReport.com and look for any accounts, inquiries or address changes you do not recognize.
• Monitor your bank and credit card accounts closely. Because financial account information was exposed, review your statements regularly for unauthorized transactions and report any suspicious activity to your financial institution immediately.
• Report suspected identity theft to the FTC. If you believe your information has been misused, visit IdentityTheft.gov to file a report and receive a personalized recovery plan.
• Be cautious of phishing attempts that reference the Mobilelink breach. Scammers may send emails, texts or phone calls pretending to be from Mobilelink in an effort to collect additional personal information.
• Consider requesting an IRS Identity Protection PIN. Because Social Security numbers and dates of birth were exposed, there is a risk of fraudulent tax filings, and an IP PIN can help prevent this.