Hackers steal even more Social Security numbers. How should you protect yourself?

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

FILE - This Wednesday, Oct. 14, 2015, file photo shows a T-Mobile store in New York. A federal indictment accuses Huawei of stealing trade secrets from T-Mobile, in the form of a robot designed to automatically test phones for problems. (AP Photo/Richard Drew, File)

T-Mobile disclosed Friday that about 5 million more customers’ personal data was exposed in a recent breach than it previously estimated. (Associated Press / Richard Drew)

Another day, another massive data breach claimed by hackers. Days after a breach at T-Mobile exposed about 53 million people’s personal information, a hacking group known as ShinyHunters announced that it was auctioning 70 million sets of sensitive data purportedly stolen from AT&T.

The information offered for sale was similar in both breaches, including full names, addresses, birth dates and Social Security numbers. In short, it’s the foundation for identity theft.

AT&T responded Friday by casting doubt about the claim by the prolific ShinyHunters cabal, stating that “[b]ased on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.”

Regardless of where the data came from, though, if it’s valid it could be a nightmare for anyone whose sensitive information is exposed. Here’s a quick guide to the risks you may face and some of the things you can do to protect yourself.

What are the risks?

Social Security numbers are widely used by the federal government, banks, investment companies, government benefit programs and insurers to verify your identity. Your stolen Social Security number can be used to open fraudulent credit card accounts, divert or fraudulently collect benefits and commit workplace fraud, among other forms of deceit. Throw in your name, birth date and email address (which the ShinyHunters claim to have stolen too), and it’s significantly easier for someone to pretend to be you.

Identity thieves could use that information to target both you and the banks, insurers and other companies you do business with. For example, they could use it to make phishing emails seem more realistic, helping to persuade you to give up additional sensitive information such as a password or personal identification number (PIN). Or they could use it to dupe your bank into letting them change the password on your account, giving them access to your money.

The T-Mobile breach also exposed the phone numbers, device identifiers and SIM-card numbers…