T-Mobile Suffers from Another Cyber Threat Exposing SIMs and Info
T-Mobile reported on Tuesday yet another cyber threat where criminals accessed “a small number of” users’ accounts, following a devastating data breach dating back to August 2021.
The T-Mobile’s report revealed how the telecom operator noticed “unauthorized activity” on some accounts, where hackers gained access to view customer proprietary network information (CPNI), “an active SIM swap by a malicious actor, or both.”
The December breach exposed users’ data, but it was less intense than what happened back in August. However, this time, the attack was less severe than its predecessor, where customers involved can be classified into three categories.
The first customer base – as mentioned above – are the ones affected by the leak of their CPNI – data collected by telecom companies about a consumer’s telephone calls. This information includes the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info.
The second customer base affected by the cyber threat was those who had their SIM switched. In this case, a malicious actor can change the physical SIM card connection with a mobile number to control the line entirely.
This would result in the users’ other line being logged into through a two-factor authentication code delivered to their number. According to the document, T-Mobile reversed the swapping action after the breach’s discovery.
The third and final category is the integration of the first two classifications, where infiltrators had access to both users’ private CPNI and had their SIM cards swapped.
This is not the first time T-Mobile was exposed to a cyberattack; in early August, the telco suffered from its most significant data breach to date, where cybercriminals leaked data of almost 50 million users from both paid prepaid accounts.
It was deemed one of the most significant and damaging data breaches on a telecommunication company. The U.S. Federal Communications Commission (FCC) launched an investigation into the incident.
At the time, T-Mobile CEO Mike Sievert spoke about the incident, highlighting it was time to intensify their security since the breach was contained.
While the Bellevue-based company has yet to release an official announcement on its site, the company contacted the customers and informed them of the unauthorized access to their accounts.
Despite the operator containing every attack it ever got exposed to, one must acknowledge the fact that T-Mobile has had its fair share of cyber threats in four years, one in 2021, two in 2020, one in 2018, and another in 2019.