In August, T-Mobile suffered a massive data breach that affected more than 50 million current, former, and prospective T-Mobile users, and now the cellular company is dealing with another smaller data breach incident.
T-Mobile has confirmed that the reports of unauthorized activity affecting some customer accounts were due to a small number of customers.
T-Mobile told Bleeping Computer that their customers had been the victims of sim swap attacks. In a swap attack, attackers can take over a phone number if T-Mobile employees reassign the phone numbers to someone else. This can be devastating, as phone numbers can be linked to sensitive information.
A small number of customers were told that the sim card assigned to their account may have been illegally reassigned or their account information was viewed.
>
Unauthorized sim swaps are a common occurrence in the industry, however this issue was quickly corrected by our team, using our in-place safeguards, and we took additional protective measures on their behalf.
T-Mobile says that the attack has been mitigated and that the issue has now been corrected, but the company has not provided details on the number of customers impacted or how the hackers were able to execute the sim swap attacks.
The attackers were able to obtain phone numbers, addresses, birth dates, social security numbers, driver's license and IMSI numbers for more than 50 million people, with the information offered up for sale.
T-Mobile CEO Mike Sievert apologized for the incident at the time, and said that T-Mobile was "truly sorry" for the incident, which was the result of a "bad actor" who used knowledge of T-Mobile's technical systems to gain access to testing environments.
T-Mobile entered into a long-term partnership with cybersecurity experts at Mandiant and with a consulting firm to improve security, and the company said that it was planning a multi-year investment to improve security.
