Update (12/29/21 2:29 pm): T-Mobile has confirmed the attack to BleepingComputer and shared that they already sent out a message to affected customers:
“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.”
Original article below:
Just before Christmas, T-Mobile was once again hit by another data breach. Only this time, it is a much smaller scale compared to the attack it faced back in August.
The report comes from The T-Mo Report, who shared internal documents detailing the new incident. According to these documents, some customer accounts encountered “unauthorized activity,” which involves “viewing of customer proprietary network information (CPNI), an active SIM swap by a malicious actor, or both.”
The internal document gives a look into how T-Mobile categorizes customers who are affected by this breach:
“Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.
The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.”
Customers who had both their CPNI viewed and had a SIM card swap are put into the third category.
As of this writing, T-Mobile has not released a statement about this potential data breach. There is also no word yet on how massive this data breach is. But compared with the August breach, this seems to be smaller in scale since the latter involved accessing customers’ social security numbers and driver’s license information.
We’re still waiting for an update from T-Mobile. The report says that T-Mobile has sent out a letter to affected customers to inform them of the unauthorized activity that recently occurred on their accounts.
Source: The T-Mo Report