T-Mobile’s latest data breach exposed users to SIM swapping attacks

T-Mobile is the only telecom giant to suffer at least three known data breaches in 2021.

Another day, another data breach at T-Mobile – This time, the Bellevue, Washington-based telecom giant has acknowledged suffering a cyberattack in which the personal information of “a very small number of customers” was accessed by unknown attackers.

What happened?

According to internal documents seen by T-Mo, the exposed information which included account number, name, phone number, and package details, etc. was accessible through the company’s customer proprietary network information (CPNI) and allowed attackers to carry out sim swapping attacks against unsuspected customers.

What is SIM Swapping?

For your information, SIM swapping is also known as SIM Hijacking. It is a kind of identity theft in which an attacker manages to create a new SIM card of any number fraudulently and use it for personal gains, without the knowledge or consent of the original user of the phone number.

To get the duplicate SIM card, the attacker usually calls the telecom firm and convinces their customer support service for being the actual owner of the phone number by providing the target’s personal information. Thus, the telecom firm ports the phone number to a new SIM card that is received by the attacker.

It is due to SIM Swapping attacks users including celebrities and top executives have lost millions of dollars to cybercriminals in the last few years.

As for T-Mobile’s latest breach; the company confirmed in a statement that:

We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.

It rains data breaches at T-Mobile

It is worth noting that T-Mobile has more than 104 million subscribers yet its security measures are highly dubious. In 2021 alone, the company suffered two successful data breaches (1 and 2) in which millions of its customers’ data was stolen and sold on hacking forums.

The hacker who claimed responsibility for one of the attacks called the carrier’s security “awful.”

From 2015 to 2021, T-Mobile has made headlines for several other security-related incidents including exposure of customers’ data, a security vulnerability that allowed mass hijacking of customers’ accounts, and the list goes on…

At the time of writing, other than a tweet, no other information was released by T-Mobile. However, in case they do; this article will be updated accordingly.

To Top

Pin It on Pinterest

Share This