T-Mobile just can’t catch a break lately when it comes to account security, as it seems there has been another small data breach this month.
The news comes via internal documents shared with The T-Mo Report, embedded below. They state that there was “unauthorized activity” on some customer accounts. That activity was either the viewing of customer proprietary network information (CPNI), an active SIM swap by a malicious actor, or both.
This comes just on the heels of a previous breach back in August. This time around, though, the damage appears to be much less severe. It seems only a small subset of customers are affected. There is no further detail about what exactly happened, with the documents simply saying that some info was leaked.
Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.
The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.
The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.
T-Mobile doesn’t have the best track record when it comes to account security. As mentioned, there was a massive data breach earlier this year in August that leaked data on nearly 50 million customers across both postpaid and prepaid accounts. It was one of the biggest data breaches ever for a cell carrier, prompting the FCC to launch an investigation.
As of now, T-Mobile has not publicly shared the news on their website. Affected customers, which appears to not be many, have been sent letters informing them of the unauthorized activity that has taken place on their accounts. Memos have also been placed on those affected accounts for reps to see when accessing them.
Update: T-Mobile Acknowledges Breach
T-Mobile has now publicly acknowledged the latest breach.
The company confirmed in a statement to BleepingComputer that notices were sent to “a very small number of customers” who fell victim to SIM swap attacks.
We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.T-Mobile Spokesperson to BleepingComputer
As of now, T-Mobile has still not shared an official news post about the breach. Hopefully we see the company post an update to their newsroom website soon.