This can be devastating, as phone numbers are often linked to email accounts, banking accounts, and other sensitive information. In a SIM swap attack, social engineering is used to persuade T-Mobile employees to reassign the phone numbers linked to a person to someone else, allowing attackers to take over a phone number.
In a statement to Bleeping Computer, T-Mobile said that impacted customers had been informed that they had been the victim of SIM swap attacks. Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to SIM swap attacks affecting a "very small number of customers." The company again vowed to enhance its security further and prevent such data breaches from happening again.Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident. The attack covered by many outlets in the early days of 2021 is the company’s fourth data breach since 2018. The wireless carrier was under fire for days as this is not the first time T-Mobile systems are being compromised. However, there are no conclusive reports that cybercriminals are actively using the stolen data at this time. The number is significantly lower than T-Mobile’s other breaches over the last three years that affected millions of their customers.Įxperts believe the stolen information could be used by criminals who want to execute socially engineered mobile phishing attacks. In a statement to FOX Business, a T-Mobile spokesperson said that they believe the details of approximately 0.2% of T-Mobile’s client base have been affected by the data breach, which equals to roughly 200 000 affected users. T-Mobile also did not specify why it took them so much time to disclose information about the data breach to its customer base during the busy shopping winter season. No hacker group, nor foreign-state, have publicly claimed responsibility yet either. Even though the investigation has been going for weeks and the security loopholes have been patched, the wireless carrier has not yet confirmed who might be behind the attack. The data breach occurred in early December. They also stated Tax IDs, passwords, and PINs were not accessed either.
The telecom giant confirmed that hackers did not access more sensitive information such as names, physical addresses, SSN, credit card information, or other financial data. T-Mobile said that they stopped the attack as soon as they became aware of it. The hackers managed to get unauthorized access to phone numbers, the number of lines associated with an account, and call-related information. The notice confirmed that bad actors have accessed parts of the company’s customer proprietary network information (CPNI). It took some time for media outlets to dig out the deeply buried, undated security incident statement by the company’s Chief Marketing Officer, Matt Staneff.Īccording to the “notice of security incident” published on T-Mobile’s US website, the wireless network operator suffered malicious and unauthorized access to their systems. T-Mobile appears to not be off to a good start in 2021 as the telecommunications company became a victim of hackers, and the news got picked up in the first days of the new year.
This was the company’s second data breach during the pandemic-ridden year. USA’s third-biggest cellular service provider reported a security incident that took place in December 2020.
0 kommentar(er)
