T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

[MacRumors]

Back in August, T-Mobile suffered a massive data breach impacting more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident.

Reports yesterday suggested that T-Mobile was aware of unauthorized activity affecting some customer accounts, and now, T-Mobile has confirmed that those reports were due to SIM swap attacks affecting a "very small number of customers."

In a statement to Bleeping Computer, T-Mobile said that impacted customers had been informed that they had been the victim of SIM swap attacks. In a SIM swap attack, social engineering is used to persuade T-Mobile employees to reassign the phone numbers linked to a person to someone else, allowing attackers to take over a phone number. This can be devastating, as phone numbers are often linked to email accounts, banking accounts, and other sensitive information.

We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed.

Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.

T-Mobile says that the attack has been mitigated and that the issue has now been corrected, but the company has not provided specific details on the number of customers impacted nor how the hackers were able to execute the SIM swap attacks.

In the August data breach, attackers were able to obtain phone numbers, addresses, birth dates, social security numbers, driver's license and ID info, IMEI numbers, and IMSI numbers for more than 50 million people, with the information offered up for sale.

T-Mobile CEO Mike Sievert apologized for the breach at the time, and said that T-Mobile was "truly sorry" for the incident, which was the result of a "bad actor" who used knowledge of T-Mobile's technical systems to gain access to testing environments, using brute force attacks to access T-Mobile's IT servers.

To prevent future attacks, T-Mobile entered into a long-term partnership with cybersecurity experts at Mandiant and with consulting firm KPMG LLP, and the company said that it was planning a multi-year investment to improve security.

Article Link: T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

 

[jz0309]

Guess their engagement with cyber security experts is not working yet…

 

[TheYayAreaLiving 🎗️]

No wonder Apple wants to transition into eSim. T-Mobile is just attracting data breaches at all times now.

 

[ghostface147]

T-Mobile.......again.

 

[VulchR]

Time to start compensating people directly and substantially when their data are hacked.

 

[TheYayAreaLiving 🎗️]

Found this article which further details how you can protect your identity.

T-Mobile data breach and SIM-swap scam: How to protect your identity

Even if you're not a T-Mobile customer, SIM-swap fraud is real. Here are some ways you can avoid it.

www.cnet.com

 

[Apple$]

Maybe it's time for Apple to start their own MVNO company. At least in the US.

 

[4jasontv]

T-Mobile CEO Mike Sievert apologized for the breach at the time, and said that T-Mobile was "truly sorry" for the incident, which was the result of a "bad actor" who used knowledge of T-Mobile's technical systems to gain access to testing environments, using brute force attacks to access T-Mobile's IT servers.

When I was younger my dog knocked over a lamp breaking three bulbs that cost about $50 each. I didn't personally cause the damage, but because I failed to watch the dog I assumed responsibility for the replacement cost. This wasn't a 'bad actor' but a company that didn't properly manage access. It doesn't matter if this is T-Mobiles fault or not, they are responsible for protecting their customer's privacy. Being sorry isn't sufficient. They should have to contact each customer that was affected and ask them 'what is your private data worth to you?' Then pay them that plus a 20% markup for not getting permission to distribute data before allowing it to be accessed.

 

[noone]

I think its about time TMobile gets heavily fined for every data breach they have. I understand that, despite best efforts, things can happen. But TMobile gets hit over and over and over and over and over again. At this point its pure negligence.

 

[poematik13]

Sim cards need to go. Cant wait for esim only

Also for tmobile people, please do the following
-turn on account takeover protection in your settings (cant believe this isnt turned on by default lmfao)
-use google authenticator for as many of your financial apps as possible

 

[Macintosh TV]

T-Mobile continues to show they don't care about security. How many times can one provider be breached in a single year? This is just sad.

 

[TheYayAreaLiving 🎗️]

Maybe it's time for Apple to start their own MVNO company. At least in the US.

Apple seriously needs to come up with their own Cellphone and Network plan for the U.S. market.

 

[0924487]

I think the best way for T-Mobile to be secure is by limiting the amount of data they collect from customers. The less they know, the less attractive they are to attackers.

There is absolutely no reason why T-Mobile should have your SSN, other than credit verifications, which can be out-sourced to a partner like Chase.

 

[BigBlur]

Just curious, how does eSIM solve this? It’s not like they are actually swapping physical SIM cards…

 

[sw1tcher]

This can be devastating, as phone numbers are often linked to email accounts, banking accounts, and other sensitive information.

This is why I don't give my number to these organizations, or use a Google voice number to prevent SIM swapping attacks.

Too many businesses wanting your number to identify you. They're going to mess up phone numbers like they did with social security numbers.

 

[TheYayAreaLiving 🎗️]

I think its about time TMobile gets heavily fined for every data breach they have. I understand that, despite best efforts, things can happen. But TMobile gets hit over and over and over and over and over again. At this point its pure negligence.

Not sure why FTC is not doing anything about it. They should be fined. It's the personal data that is exposed out there. It's not fair to the public.

 

[Freeangel1]

The internet is becoming dangerous to be online.

My Bet is that T Mobile is using Windows Servers connected to the internet. Windows servers are very hard to keep secure.

Unix and Linux servers are the best Internet servers.

I'm even going Linux on any computer Connected to the internet

Keep my Mac network offline. All the NSA snooping too.

TAILS.... Live Linux Boot CD with TOR.

Tails - Home

tails.boum.org

 

[sw1tcher]

No wonder Apple wants to transition into eSim

eSIM is not going to 100% prevent SIM swap attacks.

The weak link is the customer service rep approving the swap.

 

[TheYayAreaLiving 🎗️]

eSIM is not going to 100% prevent SIM swap attacks.

The weak link is the customer service rep approving the swap.

Well, At least it will prevent sim swapping from the rep and the public.

 

[sw1tcher]

T-Mobile.......again.

* sigh *

It's not just T-Mobile

A major telecom company that partners with AT&T and Verizon said hackers had access to its system for over 5 years, exposing billions of texts

Syniverse, which is used by companies like AT&T and Verizon, revealed that hackers had been inside its system for years, affecting millions of users.

www.businessinsider.com

Hackers in Cox Communications Data Breach Impersonated Company’s Support Agent to Access Customer Information - CPO Magazine

Cox communications data breach notification disclosed that unauthorized individual(s) accessed sensitive customer information after impersonating the company's support agent.

www.cpomagazine.com

Verizon’s Visible confirms accounts were breached – report

Some customer accounts for the Verizon-backed all-digital prepaid brand Visible were breached after bad actors obtained password and login information from “outside sourc | Some customer accounts for the Verizon-backed all-digital prepaid brand Visible were breached after bad actors obtained...

www.fiercewireless.com

 

[sw1tcher]

Well, At least it will prevent sim swapping.

?‍♂️

Read what I wrote again.

 

[BootsWalking]

All T-Mobile customers need to sign up for their free Account Takeover Protection, which at least protects against port outs:

https://www.t-mobile.com/support/plans-features/account-takeover-protection

 

[coolfactor]

Way to be reactive instead of proactive, T-Mobile! ?

Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.

This is nonsense! Blame the industry. Why didn't these in-place safeguards prevent this from happening in the first place?

 

[jz0309]

So if it is employees initiating/approving the sim swap, isn’t that similar to Wells Fargo opening CC accounts for people? There have to be serious consequences if that is the case, fines ain’t doing it… if indeed employees are doing this, there should be criminal charges

 

[coolfactor]

The internet is becoming dangerous to be online.

My Bet is that T Mobile is using Windows Servers connected to the internet. Windows servers are very hard to keep secure.

Unix and Linux servers are the best Internet servers.

I'm even going Linux on any computer Connected to the internet

Keep my Mac network offline. All the NSA snooping too.

TAILS.... Live Linux Boot CD with TOR.

Tails - Home

tails.boum.org

You're not wrong, but be very careful about saying this outside of a Mac forum. ? You'll be slaughtered.

And you know that Macs are UNIX, right?