T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident.

tmobilelogo
Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to SIM swap attacks affecting a "very small number of customers."

In a statement to Bleeping Computer, T-Mobile said that impacted customers had been informed that they had been the victim of SIM swap attacks. In a SIM swap attack, social engineering is used to persuade T-Mobile employees to reassign the phone numbers linked to a person to someone else, allowing attackers to take over a phone number. This can be devastating, as phone numbers are often linked to email accounts, banking accounts, and other sensitive information.

We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed.

Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.

T-Mobile says that the attack has been mitigated and that the issue has now been corrected, but the company has not provided specific details on the number of customers impacted nor how the hackers were able to execute the SIM swap attacks.

In the August data breach, attackers were able to obtain phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers for more than 50 million people, with the information offered up for sale.

T-Mobile CEO Mike Sievert apologized for the breach at the time, and said that T-Mobile was "truly sorry" for the incident, which was the result of a "bad actor" who used knowledge of T-Mobile's technical systems to gain access to testing environments, using brute force attacks to access T-Mobile's IT servers.

To prevent future attacks, T-Mobile entered into a long-term partnership with cybersecurity experts at Mandiant and with consulting firm KPMG LLP, and the company said that it was planning a multi-year investment to improve security.

Popular Stories

iPhone SE 4 Thumb 1

'New' iPhone SE Product Listing Appears on French Website

Wednesday February 12, 2025 6:49 am PST by
As the wait continues for Apple's long-rumored, fourth-generation iPhone SE, French electronics retailer Boulanger has prematurely published a product listing for a "new" model of the iPhone SE. The placeholder page says the device is "coming soon," but it offers no further information, and the price shown is obviously not real. The listing was spotted by a reader of the French technology...
apple launch feb 2025

Tim Cook Teases an 'Apple Launch' Next Wednesday

Thursday February 13, 2025 8:07 am PST by
In a social media post today, Apple CEO Tim Cook teased an upcoming "launch" of some kind scheduled for Wednesday, February 19. "Get ready to meet the newest member of the family," he said, with an #AppleLaunch hashtag. The post includes a short video with an animated Apple logo inside a circle. Cook did not provide an exact time for the launch, or share any other specific details, so...
apple launch feb 2025 alt

What to Expect From the 'Apple Launch' Next Week

Thursday February 13, 2025 11:48 am PST by
Apple has yet to announce any new devices this year, but that could change starting next week. Apple CEO Tim Cook today said to "get ready" for a "launch" on Wednesday, February 19. "Get ready to meet the newest member of the family," said Cook, in a social media post. The post includes an #AppleLaunch hashtag, along with a short video featuring an animated Apple logo inside of a circle....
m2 macbook air blue

M4 MacBook Air Release Continues to Appear Imminent

Monday February 10, 2025 10:56 am PST by
There continue to be signs of a new MacBook Air with an M4 chip, indicating that we could see the machine launch in the not too distant future. A private account on X today shared the identifiers that the MacBook Air will use, and those identifiers correspond to the M4 chip. According to the source, both the 13-inch MacBook Air and the 15-inch MacBook Air will be equipped with Apple's...
oppo find n5 fingers

World's Thinnest Foldable Phone Launches Next Week

Monday February 10, 2025 3:05 am PST by
Oppo has confirmed a February 20 global launch for its Find N5, which the company claims is the world's thinnest device in the foldable phone category. The phone is expected to be re-branded as the OnePlus Open 2 in the US. The Chinese vendor has been teasing the device in the last few weeks, touting its waterproofing and nearly invisible display crease, and highlighting its thinness by compa...
watchOS 11 Thumb 2 1

Apple Releases watchOS 11.3.1

Monday February 10, 2025 10:04 am PST by
Apple today released watchOS 11.3.1, a minor update to the operating system that runs on the Apple Watch. watchOS 11.3.1 is compatible with the Apple Watch Series 6 and later, all Apple Watch Ultra models, and the Apple Watch SE 2. watchOS 11.3.1 can be downloaded by opening up the Apple Watch app and going to General > Software Update. To install the new software, the Apple Watch needs to...
sequoia

Apple Releases macOS Sequoia 15.3.1

Monday February 10, 2025 10:11 am PST by
Apple today released macOS Sequoia 15.3.1, a minor update to the macOS Sequoia operating system that came out last September. macOS 15.3.1 comes a few weeks after the launch of macOS Sequoia 15.3. Mac users can download the ‌‌‌macOS Sequoia‌‌‌ update through the Software Update section of System Settings. Apple has also released macOS 13.7.4 and macOS 14.7.4 for those who are...
Apple Ad on X

Apple Resumes Advertising on X

Wednesday February 12, 2025 2:18 pm PST by
Apple this month started advertising on X for the first time in more than a year. The company had stopped advertising on the social media platform in November 2023 following controversial remarks made by its owner Elon Musk. For example, the @Apple account is running an ad promoting Safari's privacy features. The ad was spotted by MacRumors contributor Aaron Perris. The @AppleTV account has a...
M4 mini Glowing Blue

Apple Begins Selling Refurbished M4 Macs

Wednesday February 12, 2025 11:35 am PST by
Apple today added MacBook Pro and Mac mini models with M4 series chips to its certified refurbished store in the United States, Canada, the United Kingdom, and Ireland for the first time since the computers were introduced in October 2024. Some refurbished MacBook Pro models with M4 chips are also available in Belgium, Germany, the Netherlands, Spain, and select other European countries. ...

Top Rated Comments

sw1tcher Avatar
41 months ago

No wonder Apple wants to transition into eSim
eSIM is not going to 100% prevent SIM swap attacks.

The weak link is the customer service rep approving the swap.
Score: 22 Votes (Like | Disagree)
VulchR Avatar
41 months ago
Time to start compensating people directly and substantially when their data are hacked.
Score: 20 Votes (Like | Disagree)
noone Avatar
41 months ago
I think its about time TMobile gets heavily fined for every data breach they have. I understand that, despite best efforts, things can happen. But TMobile gets hit over and over and over and over and over again. At this point its pure negligence.
Score: 14 Votes (Like | Disagree)
BigBlur Avatar
41 months ago
Just curious, how does eSIM solve this? It’s not like they are actually swapping physical SIM cards…
Score: 14 Votes (Like | Disagree)
Apple$ Avatar
41 months ago
Maybe it's time for Apple to start their own MVNO company. At least in the US.
Score: 13 Votes (Like | Disagree)
jz0309 Avatar
41 months ago
Guess their engagement with cyber security experts is not working yet…
Score: 12 Votes (Like | Disagree)