T-Mobile, America’s largest telecommunications service provider, last August broke data that saw some of its customers’ social security numbers left at risk.
Now they seem to be facing another data breach that affects a small number of customers.
The company said, “We have informed a very small number of customers that the SIM card assigned to their mobile phone number may be illegally retrieved or limited account information has been viewed.”
It is not clear what attackers are using, however, it is suggested that SIM swaps be used. It is a commonly used method to control online accounts and bypass two-factor SMS-based authentication. Attacks sometimes rely on cheating or paying network company employees to perform swaps.
Cybercriminals can control a customer’s phone number. In that case, it could result in some of the victim’s online accounts being obtained with two-factor verification codes sent to their phone numbers, T-Mo said.
T-Mobile Help has responded to a question posted on Twitter that it “is taking immediate steps to help protect anyone who may be at risk from this cyberattack attack.” It follows that users can send a direct message to discuss steps to increase account security.
The T-Mo report notes that those affected customers fall into one of three categories. Those who have only been through their Customer Network Information (CPNI) may have their billing account name, phone numbers, account numbers, and additional system information, including the number of lines in their account. No other personal information or payment information is included in this, however.
In contrast to the summer data breach T-Mobile experienced earlier this year, this has resulted in a much smaller number of customers.
On the other hand, the company has contacted the people who were targeted for the violation, warning them to clarify what was or was not being watched and highlighting that the cyber hacker is not stealing payment or password data with his information.
However, T-Mobile has not yet reported any details of how many customers have been directly contacted.
“Unauthorized SIM replacement unfortunately is a common occurrence throughout the industry. However, this problem was immediately addressed by our team, using our local protections, and we continued to take additional security measures,” said the network company.
“Our people and processes work as they are designed to protect our customers.”
