According to a media report, T-Mobile has confirmed that recent reports of a new data breach are linked to notifications sent to a “very small number of customers” who were victims of SIM swap attacks.
The recent cyberattack follows a massive data breach suffered by the company in August.
“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed,” a T-Mobile spokesperson was quoted as saying by BleepingComputer.
“Unauthorised SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf,” the spokesperson added.
According to the report, T-Mobile refused to provide additional information when asked about the total number of affected customers and the method used by the attackers to successfully carry out the SIM swap attacks.
According to a recent report, affected customers fall into one of three categories. For starters, a customer may have only been impacted by a leak of their proprietary network information (CPNI). This information could include the billing account’s name, phone numbers, the number of lines on the account, account numbers, and rate plan information.
Affected customers may fall into the second category if their SIM card is swapped. In order to gain control of a phone number, a malicious actor will change the physical SIM card associated with it.
This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number.
The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped