T-Mobile suffered a new data breach

T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks.

T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’

According to The T-Mo Report, which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts. The attackers viewed customer proprietary network information (CPNI) and carried out SIM swapping attacks on a small number of customers.

“Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI.” reported The T-Mo Report. “The second category an affected customer might fall into is having their SIM swapped.” “The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.”

Customer proprietary network information exposed in the attack could’ve included billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info.

“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.” a T-Mobile Spokesperson told BleepingComputer.

T-Mobile customers should remain vigilant on unsolicited text messages or emails pretending to be from T-Mobile.

Unfortunately, this is the last incident in order of time suffered by the company, below is the list of previous incidents:

• In August 2021, a security breach impacted 54 million customers.
• In February 2021, hundreds of users were hit with SIM swapping attacks.
• In December 2020, T-Mobile disclosed a data breach that exposed customers’ network information (CPNI).
• In March 2020, threat actors gained access to T-Mobile customers and employee personal info.
• In 2019, T-Mobile disclosed data breach affecting prepaid wireless customers.
• In 2018, data breach exposed personal information of up to 2 million customers.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]