T-Mobile has verified that recent claims of a new data breach are connected to notices made to a “very limited number of customers” who were the victims of SIM swap attacks. A T-Mobile spokesperson revealed that a small number of customers were notified that the SIM card connected to a mobile number on their account had been improperly transferred or that restricted account information had been seen.
Unapproved SIM swaps are regrettably a typical occurrence in the business; nevertheless, our staff immediately resolved the problem by implementing our existing protections, and we took proactive preventative actions on their behalf. When requested for more information on the overall number of consumers impacted and the mechanism utilized by the attackers to carry out the SIM swap attacks successfully, T-Mobile declined.
We are not providing any additional information at this time. Thank you!,” a company spokesperson told.
SIM swapping (aka SIM hijacking) allows attackers to get control of a target’s mobile phone number by duping or bribing carrier staff into reassigning the numbers to attacker-controlled SIM cards. It enables threat actors to gain control of their victims’ phone numbers, which they may then use to overcome SMS-based multi-factor authentication (MFA), steal their credentials, steal money from their bank accounts, or hijack their online accounts by altering their passwords.
Customers of T-Mobile should be on the watch for any strange text messages or emails posing as T-Mobile. If you receive a link, don’t click it since attackers might use it to steal your credentials. There are tips from T-Mobile on how to avoid account takeover attempts on this support page.
In the previous four years, T-Mobile has been the subject of many data breaches, including one in February 2021 that exploited an internal T-Mobile program to target up to 400 consumers in SIM swap attempts. Following an increase in SIM hijacking attacks targeting bitcoin investors and users, the FBI released recommendations to guard against them.