T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’
According to The T-Mo Report, which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts. The attackers viewed customer proprietary network information (CPNI) and carried out SIM swapping attacks on a small number of customers.
“Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI.” reported The T-Mo Report. “The second category an affected customer might fall into is having their SIM swapped.” “The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.”
Customer proprietary network information exposed in the attack could’ve included billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info.
“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.” a T-Mobile Spokesperson told BleepingComputer.
T-Mobile customers should remain vigilant on unsolicited text messages or emails pretending to be from T-Mobile.
Unfortunately, this is the last incident in order of time suffered by the company, below is the list of previous incidents:
(SecurityAffairs – hacking, data breach)