T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident.

tmobilelogo
Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to SIM swap attacks affecting a "very small number of customers."

In a statement to Bleeping Computer, T-Mobile said that impacted customers had been informed that they had been the victim of SIM swap attacks. In a SIM swap attack, social engineering is used to persuade T-Mobile employees to reassign the phone numbers linked to a person to someone else, allowing attackers to take over a phone number. This can be devastating, as phone numbers are often linked to email accounts, banking accounts, and other sensitive information.

We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed.

Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.

T-Mobile says that the attack has been mitigated and that the issue has now been corrected, but the company has not provided specific details on the number of customers impacted nor how the hackers were able to execute the SIM swap attacks.

In the August data breach, attackers were able to obtain phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers for more than 50 million people, with the information offered up for sale.

T-Mobile CEO Mike Sievert apologized for the breach at the time, and said that T-Mobile was "truly sorry" for the incident, which was the result of a "bad actor" who used knowledge of T-Mobile's technical systems to gain access to testing environments, using brute force attacks to access T-Mobile's IT servers.

To prevent future attacks, T-Mobile entered into a long-term partnership with cybersecurity experts at Mandiant and with consulting firm KPMG LLP, and the company said that it was planning a multi-year investment to improve security.

Popular Stories

iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
New MacBook Pros Launching Tomorrow With These 4 New Features 2

M5 MacBook Models to Use New Compact Camera Module in 2025

Wednesday July 17, 2024 2:58 am PDT by
Apple in 2025 will take on a new compact camera module (CCM) supplier for future MacBook models powered by its next-generation M5 chip, according to Apple analyst Ming-Chi Kuo. Writing in his latest investor note on unny-opticals-2025-business-momentum-to-benefit-509819818c2a">Medium, Kuo said Apple will turn to Sunny Optical for the CCM in its M5 MacBooks. The Chinese optical lens company...
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
Apple Watch Series 9

2024 Apple Watch Lineup: Key Changes We're Expecting

Tuesday July 16, 2024 7:59 am PDT by
Apple is seemingly planning a rework of the Apple Watch lineup for 2024, according to a range of reports from over the past year. Here's everything we know so far. Apple is expected to continue to offer three different Apple Watch models in five casing sizes, but the various display sizes will allegedly grow by up to 12% and the casings will get taller. Based on all of the latest rumors,...

Top Rated Comments

sw1tcher Avatar
33 months ago

No wonder Apple wants to transition into eSim
eSIM is not going to 100% prevent SIM swap attacks.

The weak link is the customer service rep approving the swap.
Score: 22 Votes (Like | Disagree)
VulchR Avatar
33 months ago
Time to start compensating people directly and substantially when their data are hacked.
Score: 20 Votes (Like | Disagree)
noone Avatar
33 months ago
I think its about time TMobile gets heavily fined for every data breach they have. I understand that, despite best efforts, things can happen. But TMobile gets hit over and over and over and over and over again. At this point its pure negligence.
Score: 14 Votes (Like | Disagree)
BigBlur Avatar
33 months ago
Just curious, how does eSIM solve this? It’s not like they are actually swapping physical SIM cards…
Score: 14 Votes (Like | Disagree)
Apple$ Avatar
33 months ago
Maybe it's time for Apple to start their own MVNO company. At least in the US.
Score: 13 Votes (Like | Disagree)
jz0309 Avatar
33 months ago
Guess their engagement with cyber security experts is not working yet…
Score: 12 Votes (Like | Disagree)