T-Mobile discloses data breach affecting ‘very small number’ of users

SECURITY

T-Mobile US Inc. today disclosed that some of its customers have been targeted by hackers using a cyberattack tactic known as SIM swapping. 

The carrier also stated that the hackers may have gained access to “limited account information” belonging to a subset of the affected users. However, T-Mobile didn’t specify how many users are affected or how the cyberattack was carried out. 

“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed,” T-Mobile told BleepingComputer in a statement today.

SIM swapping is a type of cyberattack in which hackers trick a carrier’s employees into reassigning the phone number of a user to a SIM card they control. Using this method, a hacker can potentially bypass the multifactor authentication systems of online services and compromise victims’ accounts.

Reports of the data breach first emerged on Tuesday. Internal T-Mobile documents are said to indicate that some of the affected users had their account information stolen, but weren’t affected by the SIM swap attack. Other users were affected by both the data theft and the SIM swap. As of Tuesday, T-Mobile had reportedly already reversed the setting changes caused by the cyberattack.

“Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf,” T-Mobile said in its statement today.

The incident is the latest in a series of data breaches to have affected T-Mobile customers over the last few years. Since 2018, the carrier has disclosed no fewer than seven different breaches including the SIM swap attack detailed today.

One of the most severe cybersecurity incidents at T-Mobile came to light earlier this year. In April, the carrier disclosed that hackers had stolen personal information belonging to more than 50 million past and current customers. T-Mobile said that the hackers gained access to its network by compromising internal testing environments and using them to infect other parts of its technology infrastructure.

Earlier in 2021, the carrier reported a separate SIM swapping attack that targeted up to 400 customers. The hackers responsible for the breach reportedly used a flaw in an internal T-Mobile application to carry out the cyberattack.

Photo: T-Mobile