SIM Swapping Attacks Caused T-Mobile Breach
T-Mobile has confirmed that the large-scale data breach it suffered in 2021 was caused by SIM swapping attacks, as a result of which personal data from a subset of customers was exposed.
SIM swapping makes it possible for attackers to take control of a target's mobile phone number by tricking or bribing the carrier's employees to reassign the numbers to attacker-controlled SIM cards.
According to T-Mobile's report, now updated, some individuals had their customer proprietary network information leaked. The critical data exposed included addresses, social security numbers, driver’s licenses and ID information.
The documents also showed that other customers had their SIMs swapped. "We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed," a T-Mobile spokesperson told BleepingComputer.
T-Mobile did not provide details of the attack and would not confirm how many customers were affected. The company did report that it released noticed to customers who were affected by SIM swapping attacks and referred to such security incidents as 'common' in the telecoms industry.
T-Mobile: Oodaloop: ZDNet: Bleeping Computer: CNet:
You Might Also Read:
Mobile Users Are A Security Weakspot: