- T-Mobile has admitted a data breach and is covering the affected subscribers with identity theft protection services.
- The telco provider has noticed a rise in SIM swap attacks against its customers, which sparked internal investigations.
- No actual numbers were disclosed, but in general, T-Mobile hasn’t had a good record in recent years.
T-Mobile, the U.S. telco giant, has seen a steep rise in SIM swap attacks against its customers, and as confirmed through a notice of data breach, this was because of a security incident. The company alleges that they identified the malicious activity fairly quickly and took action to terminate it as well as prevent it from reoccurring in the future.
Unfortunately though, the infiltrator accessed the following customer details:
- Full name
- Physical address
- Email address
- Account number
- Social Security Number
- Customer account personal identification number
- Account security questions and answers
- Date of birth
- Plant information
- Number of lines subscribed to the account
As a response to that, T-Mobile will offer two years of free credit monitoring and identity theft detection services through ‘myTrueIdentity’ from Transunion. Recipients of the notice of the data breach will find instructions on how to register themselves onto these services enclosed. Changing the PIN and also the security questions should be a top priority right now, as those have been compromised.
The telco hasn’t given actual numbers on the SIM swap attacks or the compromised accounts, so we don’t know how many numbers were ported to a different provider and what the results of this were. However, for the incident to have sparked an internal investigation, T-Mobile must have received a notable number of user reports, so our guess is that the SIM swaps must have been pretty extensive.
This comes only two months after the previous security incident that concerned T-Mobile when 200,000 CPNI data was exposed to malicious hackers. In total, T-Mobile has had five significant data breaches in the last four years, and this is based on those that have been publicly disclosed. It’s possible that there have been additional incidents that we didn’t get to learn about. Each time, the American telco provider promises to have taken action to prevent such incidents from happening again in the future, and yet they keep on happening.
If you worry about SIM swap attacks that could enable hackers to take over your precious accounts, use an authentication app or a USB stick instead. Always keep a low profile with your crypto assets on social media, and if you have to use SMS for 2FA, do it by using a number that’s used specifically for this purpose alone.