When we entrust our data to companies, especially crucial ones that can have real-life consequences if it falls in the wrong hands, we want to be sure that they will protect this information. T-Mobile, while promoting itself as the carrier with “un-carrier” moves hasn’t been the best when it comes to protecting consumer data. Last August, they suffered a data breach that saw some of their customers’ social security numbers left vulnerable. Now it seems they have suffered another data breach affecting a small number of customers but still significant enough to note.
In documents obtained by The T-Mo Report, the carrier saw some “unauthorized activity” on some of their customers’ accounts. Later on, T-Mobile admits that they experienced a data breach and informed “a very small number of customers” that they may have been affected. They assured them that the issue, specifically the unauthorized SIM swaps, have been “quickly corrected” and that they have used their in-place safeguards and activated proactive measures as well.
There are three categories of customers that were affected by the data breach. The first are those whose customer proprietary network information (CPNI) was exposed to whoever hacked the system. This information may include details like account name, phone numbers, account numbers, rate plan information, number of lines on the plans, etc. While this is of course less severe than the previous data breach with included social security numbers, it’s still important information for unscrupulous people to get access to.
The other group of users may have their SIM cards swapped, which T-Mobile says is a “common industry-wide concern”. Hackers will change the physical SIM card without a user’s knowledge to gain control of the phone number associated with it. This will let these characters get access to two-factor authentication codes that will supposedly protect their accounts. T-Mobile says that customers that were affected by this have had that action reversed.
Lastly, there were also some users that unfortunately were affected by both these breaches. T-Mobile needs to up their security game as two breaches in five months is not a good look for them and does not bode well for their customers.