Recently, in an investigation, cybersecurity experts have detected a data breach after an unknown number of customers got attacked by SIM swap attacks. According to the recent report of data breaches, SIM swap attacks are most common and frequent.
However, these SIM swap fraud enables scammers to take full charge of victims’ phone numbers after porting them just by using social engineering or after bribing the mobile operator employees to a SIM that has been controlled by the threat actors.
What happened and what data was involved?
In this data breach, the threat actor has used the gained information to port the victims’ line to a totally different carrier without any authorization of the user. Luckily T-Mobile has identified the data breach and also terminated the unauthorized acts of the threat actors.
While apart from this, the data that is involved in this data breach are mentioned below:-
- Full name of the customer
- Email address
- Social security number
- Account number
- Account security question and answer
- Customer account personal identification number
- Date of birth
- Plan information
- All the number lines that are subscribed to the account
Undisclosed number of SIM swap attacks
T-Mobile has luckily detected that an unknown attacker gained access to customers’ account information, which also includes all the personal info and personal identification numbers (PINs). So, the T-Mobile has immediately identified and terminated the unauthorized activity; and recommends that users should change their customer account PIN immediately.
What T-Mobile is doing?
All the impacted T-Mobile customers are recommended to change their account’s password, PIN, as well as their security questions and answers. Moreover, T-Mobile is giving two years of free credit monitoring and identity theft detection services by Transunion’s myTrueIdentity.
5th data breach disclosed by T-Mobile in four years
This is the 5th data breach that has been disclosed by T-Mobile during the last four years, however, each of them was being reported after hackers obtained access to customers’ personal information.
Moreover, T-Mobile has earlier encountered data breaches in 2018 when millions of customers’ personal info were accessed by threat actors and in 2019 after revealing prepaid customers’ data.
That’s why the company revealed two more data breaches, one of them in March 2020, in which the threat actors gained access to customer and employee data.
What you can do?
The experts of T-Mobile have recommended that one should clearly review the account information, and should change the PIN on their account as well as change the security questions and answers as well.
They also recommended that the users should update their account passwords and should confirm to have appropriate security for the email, financial, and another account.
But, the attackers have used an internal T-Mobile application so that they can target up to 400 customers in SIM swap attack attempts. However, the data breach notification was published by the telecommunications giant on its website where they exposed that the security breach affected both employees and customers.