T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident.

tmobilelogo
Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to SIM swap attacks affecting a "very small number of customers."

In a statement to Bleeping Computer, T-Mobile said that impacted customers had been informed that they had been the victim of SIM swap attacks. In a SIM swap attack, social engineering is used to persuade T-Mobile employees to reassign the phone numbers linked to a person to someone else, allowing attackers to take over a phone number. This can be devastating, as phone numbers are often linked to email accounts, banking accounts, and other sensitive information.

We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed.

Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.

T-Mobile says that the attack has been mitigated and that the issue has now been corrected, but the company has not provided specific details on the number of customers impacted nor how the hackers were able to execute the SIM swap attacks.

In the August data breach, attackers were able to obtain phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers for more than 50 million people, with the information offered up for sale.

T-Mobile CEO Mike Sievert apologized for the breach at the time, and said that T-Mobile was "truly sorry" for the incident, which was the result of a "bad actor" who used knowledge of T-Mobile's technical systems to gain access to testing environments, using brute force attacks to access T-Mobile's IT servers.

To prevent future attacks, T-Mobile entered into a long-term partnership with cybersecurity experts at Mandiant and with consulting firm KPMG LLP, and the company said that it was planning a multi-year investment to improve security.

Top Rated Comments

sw1tcher Avatar
27 weeks ago

No wonder Apple wants to transition into eSim
eSIM is not going to 100% prevent SIM swap attacks.

The weak link is the customer service rep approving the swap.
Score: 22 Votes (Like | Disagree)
VulchR Avatar
27 weeks ago
Time to start compensating people directly and substantially when their data are hacked.
Score: 20 Votes (Like | Disagree)
noone Avatar
27 weeks ago
I think its about time TMobile gets heavily fined for every data breach they have. I understand that, despite best efforts, things can happen. But TMobile gets hit over and over and over and over and over again. At this point its pure negligence.
Score: 14 Votes (Like | Disagree)
BigBlur Avatar
27 weeks ago
Just curious, how does eSIM solve this? It’s not like they are actually swapping physical SIM cards…
Score: 14 Votes (Like | Disagree)
Apple$ Avatar
27 weeks ago
Maybe it's time for Apple to start their own MVNO company. At least in the US.
Score: 13 Votes (Like | Disagree)
jz0309 Avatar
27 weeks ago
Guess their engagement with cyber security experts is not working yet…
Score: 12 Votes (Like | Disagree)

Related Stories

tmobilelogo

T-Mobile CEO Apologizes for Data Breach, Shares Info on Future Security Plans

Friday August 27, 2021 1:03 pm PDT by
T-Mobile CEO Mike Sievert today penned a letter to T-Mobile customers apologizing for the recent data breach that impacted more than 50 million current, former, and prospective T-Mobile users. Data that included names, phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers was stolen and has been offered for sale. "We...
apple bitcoin hack

22-Year-Old UK Citizen Arrested for 2020 Twitter Hack Affecting Apple

Wednesday July 21, 2021 10:47 am PDT by
The United States Justice Department has continued pursuing those responsible for a 2020 Twitter hack that saw the accounts of high-profile companies and individuals hacked as part of a Bitcoin scam. Several people have already been arrested and charged for the attack, and the DoJ today announced (via The Verge) that 22-year-old Joseph O'Connor, aka "PlugWalkJoe," has also been arrested....
iPhone SE 3 stacked

Apple Using Streamlined Purchase Process for T-Mobile and AT&T iPhone SE Buyers

Thursday March 17, 2022 2:50 pm PDT by
Apple is streamlining its iPhone purchase process with the launch of the iPhone SE, and has introduced a new buying method that allows customers to purchase T-Mobile and AT&T devices without inputting their current carrier information. As outlined by Bloomberg, customers typically need to provide their wireless phone number and social security number when making an iPhone purchase, a process ...
tmobilelogo

T-Mobile Data Breach Included Personal Information of Almost 50 Million Customers

Wednesday August 18, 2021 5:41 am PDT by
T-Mobile has issued a statement with further details about a cyberattack that the company confirmed earlier this week, confirming that the data breach included the personal information of almost 50 million current, former, and prospective customers. Late last week, T-Mobile confirmed that a forum post that purported to offer data from more than 100 million people was the result of a company...
oculus health app

Oculus Quest 2 Movement Data Will Sync With Apple Health App Starting in April

Thursday March 10, 2022 11:07 am PST by
Facebook parent company Meta today announced an upcoming fitness update for the Oculus Quest 2, which will allow fitness data captured during VR workouts to be integrated with the Apple Health app. Right now, when people exercise with interactive games like Liteboxer, Beat Saber, or Dance Central using the Oculus Quest 2, the data can only be viewed on the Oculus Mobile app on the headset...
tmobilelogo

T-Mobile Says an Additional 5.3 Million Customer Accounts Were Compromised in Data Breach

Friday August 20, 2021 9:21 am PDT by
T-Mobile earlier this week shared details on a data breach where hackers gained access to the personal information of close to 50 million current, former, and prospective customers. At the time, T-Mobile said that data from 7.8 million current customers had been compromised, as well as information from 40 million former or potential customers. In an updated statement provided today, T-Mobile ...
iphone se black

T-Mobile Will Pay Off Your Current Phone Up to $1,000 If You Switch

Thursday October 21, 2021 8:47 am PDT by
T-Mobile today announced that, starting October 22, it will pay off a qualifying customer's remaining eligible smartphone payments up to $1,000 via virtual prepaid MasterCard when they switch to the carrier in the United States. The limited time offer is designed to allow customers to switch from their current carrier to T-Mobile and continue using their existing smartphone without cost....
iCloud General Feature

UK Network Operators Target iCloud Private Relay in Complaint to Regulator

Sunday March 13, 2022 3:48 am PDT by
A group of UK network operators have formally urged the UK's Competition and Markets Authority (CMA) to regulate iCloud Private Relay, claiming that Apple's privacy service is anti-competitive, potentially bad for users, and a threat to national security. In its response to the CMA's Interim Report on mobile ecosystems, Mobile UK, a trade association of British mobile network operators,...

Popular Stories

top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
13 inch macbook pro m2 mock feature 2

M2 MacBook Pro Much Slower Than Previous Model

Friday July 1, 2022 2:24 am PDT by
Apple's new 13-inch MacBook Pro with the M2 chip features a significantly slower SSD compared to the previous model, resulting in poorer performance in some workflows, it has been discovered. Specifically, it has been found that the $1,299 base model with 256GB of storage has significantly slower SSD read and write speeds compared to the equivalent previous-generation 13-inch MacBook Pro....