T-Mobile falls victim to new security breach
T-Mobile is currently facing a new challenge. In less than six months, the Un-carrier is facing a new security breach in its customer database.
As compared to the August 2021 hack, however, the new breach doesn’t pan in comparison. The T-Mo Report earlier shared internal documents detailing the “unauthorized activity” that the Un-carrier noted on some customer accounts. The report shared that some customers experienced an active SIM swap, customer proprietary network information (CPNI) access, or both.
The internal document reveals how T-Mo classifies affected customers into three categories:
“Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.
The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.”
The last category includes customers who experienced both.
Right now, T-Mobile has not given any further information on the attack. But they have acknowledged the breach and have sent out a notice to “a very small number of customers” who were victims of the SIM swap attacks.“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.”
Source: The T-Mo Report