SIM Swapping Attacks Caused T-Mobile Breach

Uploaded on 2022-01-12 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

T-Mobile has confirmed that the large-scale data breach it suffered in 2021 was caused by SIM swapping attacks, as a result of which personal data from a subset of customers was exposed. 

SIM swapping makes it possible for attackers to take control of a target's mobile phone number by tricking or bribing the carrier's employees to reassign the numbers to attacker-controlled SIM cards. 

According to T-Mobile's report, now updated, some individuals had their customer proprietary network information leaked. The critical data exposed included addresses, social security numbers, driver’s licenses and ID information.

The documents also showed that other customers had their SIMs swapped. "We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed," a T-Mobile spokesperson told BleepingComputer.

T-Mobile did not provide details of the attack and would not confirm how many customers were affected. The company did report that it released noticed to customers who were affected by SIM swapping attacks and referred to such security incidents as 'common' in the telecoms industry.  

T-Mobile:    Oodaloop:      ZDNet:      Bleeping Computer:     CNet:   

You Might Also Read: 

Mobile Users Are A Security Weakspot:

 

« Azure Active Directory Recycle Bin Won’t Save Your Critical Data
More Women Needed In Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

SSH Communications Security

SSH Communications Security

SSH Communications Security is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

MadSec Security

MadSec Security

MadSec Security is a leading consulting company whose expertise are information and cyber security.

Cyber Risk Opportunities

Cyber Risk Opportunities

Cyber Risk Opportunities was formed to enable middle-market executives to become more proficient cyber risk managers so their organizations can thrive.

Gradcracker

Gradcracker

Gradcracker is THE careers website for Science, Technology (including Cybersecurity), Engineering and Maths university students in the UK.

US Cyber Range

US Cyber Range

US Cyber Range is a scalable, cloud-hosted infrastructure providing students with virtual environments for realistic, hands-on cybersecurity labs and exercises.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Certo Software

Certo Software

Certo are trusted experts in mobile security. At Certo, mobile security is not an afterthought, it’s what we do.

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

Elastio

Elastio

Elastio's cloud-native platform safeguards cloud data from the risks posed by ransomware, application failures and storage security vulnerabilities.

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency of Thailand is responsible for coordinating and implementing national cybersecurity policies, strategies, and initiatives.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

DefectDojo

DefectDojo

DefectDojo is a DevSecOps and vulnerability management tool.