SIM Swapping Attacks Caused T-Mobile Breach

T-Mobile has confirmed that the large-scale data breach it suffered in 2021 was caused by SIM swapping attacks, as a result of which personal data from a subset of customers was exposed. 

SIM swapping makes it possible for attackers to take control of a target's mobile phone number by tricking or bribing the carrier's employees to reassign the numbers to attacker-controlled SIM cards. 

According to T-Mobile's report, now updated, some individuals had their customer proprietary network information leaked. The critical data exposed included addresses, social security numbers, driver’s licenses and ID information.

The documents also showed that other customers had their SIMs swapped. "We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed," a T-Mobile spokesperson told BleepingComputer.

T-Mobile did not provide details of the attack and would not confirm how many customers were affected. The company did report that it released noticed to customers who were affected by SIM swapping attacks and referred to such security incidents as 'common' in the telecoms industry.  

T-Mobile:    Oodaloop:      ZDNet:      Bleeping Computer:     CNet:   

You Might Also Read: 

Mobile Users Are A Security Weakspot:

 

« Azure Active Directory Recycle Bin Won’t Save Your Critical Data
More Women Needed In Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Titus

Titus

Titus is a global leader in enterprise-grade data protection solutions.

Lutech

Lutech

Lutech is an Italian ICT engineering and services company. Business solution areas include cyber security.

MadSec Security

MadSec Security

MadSec Security is a leading consulting company whose expertise are information and cyber security.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

G Data CyberDefense

G Data CyberDefense

G DATA developed the world's first antivirus software, and we have remained pioneers in innovation for IT security ever since.

WISeKey

WISeKey

WISeKey is a leading cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

Proton Data Security

Proton Data Security

Proton Data Security is a certified small business specializing in the design, manufacturing and sales of data security products for permanent erasure of hard drives, tapes and optical media.

ePlus

ePlus

ePlus designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk and empowering digital transformation.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Sky Republic

Sky Republic

Sky Republic offers a Smart Contract Platform to integrate and synchronize business networks beyond EDI and API.

DigiSec360

DigiSec360

DigiSec360 is a technology firm focused on the human element of cybersecurity.

Neovera

Neovera

Neovera is a trusted provider of managed services including cyber security and enterprise cloud solutions, committed to delivering results through the innovative use of scalable enterprise-grade tech.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

National Cybersecurity Agency (ACN) - Italy

National Cybersecurity Agency (ACN) - Italy

The ACN is the National Authority for Cybersecurity in Italy. the Agency promotes public-private initiatives to strengthen the national cybersecurity and resilience posture.