T-Mobile is unfortunately notorious for having SIM swap and port-out attacks on it’s customers. Often, users with Coinbase accounts are particularly targeted. It seems enough customers complained, because now the FCC is establishing rules to fight the problem.
The FCC has announced that they are planning to propose updates to the existing CPNI porting rules that will require increased security for customers. The new rules will require carriers to positively verify customer identity before a number is moved to a new device or carrier. They also propose that “carriers immediately notify customers whenever a SIM change or port request has been made”.
The changes would also affect AT&T and Verizon, as well as any MVNOs. T-Mobile seems the most often hit, based on cursory Reddit searches, and AT&T also has some issues. Verizon seems least affected, as they seem to require direct confirmation from the customer before swapping SIMs.
The hope is that T-Mobile will take the security threat seriously and implement tighter account security. They have already implemented an “Account Takeover Prevention” tool, which is just NOPORT made public, after the huge data breach back in August. Hopefully NOSWAP is added as well, but we’ll have to wait and see.