T-Mobile end 2021 with its second data breach of the year

News / T-Mobile end 2021 with its second data breach of the year

T-Mobile end 2021 with its second data breach of the year

T-Mobile has suffered a minor data breach involving SIM swapping. SIM swapping allows hackers to take control of a mobile phone number by tricking the carrier to reassign the numbers to attacker-controlled SIM cards. 

By reassigning the numbers to attacker-controlled SIM cards the hackers can then take control of the mobile number and use it to pass SMS-based multi-factor authentication. Using the swapped phone number, the hackers can steal the victim's credentials and log into their bank accounts to steal money or take control of their online accounts by changing the password

A statement from T-Mobile has confirmed the breach and says, “We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was reviewed. Unauthorised SIM swaps are unfortunately a common industry-wide occurrence, however, this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf”. 

Whilst T-Mobile has stated that the attack has been mitigated and that the breach was only minor, it is not known how the hackers were able to execute the SIM swap attacks. 

T-Mobile has stated that “Customer proprietary network information includes features of your voice call service (e.g., international calling), usage information (like call logs – including date, time, phone numbers called, and duration of calls), and quantitative data like minutes used”. 

T-Mobile has also confirmed that there is “no indication that TMO username/password combinations or stored payment methods were accessed or acquired”. 

The current T-Mobile data breach comes just months after the company suffered one of its biggest-ever data breaches. Personal data of over 50 million T-Mobile users was exposed as part of the August data breach. 

What made the August data breach particularly concerning was that the hacker responsible was a lone 21-year-old actor. The hacker (John Binns) said that the company’s lax security made it easy for him to gain access to the cache of records. 

Following the August breach, T-Mobile has said they have enhanced security across their platforms and are collaborating with industry-leading experts to implement a mixture of short and long-term solutions. However, the current data breach highlights that the mobile phone company has a very long way to go to protect their customers’ data.

How secure is

your business?

Security test
How secure is

your business?

Security test