2021 hasn’t been a good year for data security, and T-Moble is no exception, as the carrier earlier this year suffered a massive data breach that exposed data from over 50 million current and former customers. Now, a new report indicates the Magenta Carrier has suffered another (smaller) data breach.
A report from The T-Mo Report says internal documents show that T-Mobile suffered from “unauthorized activity” on some customer accounts. “That activity was either the viewing of customer proprietary network information (CPNI), an active SIM swap by a malicious actor, or both,” says the report.
Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.
The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.
A third category includes customers who could have had both their private CPNI viewed as well as their SIM card swapped.
T-Mobile hasn’t publicly acknowledged the potential data breach. It’s also unclear just how widespread this data breach is, but it is believed to be on a smaller scale than the previous breach.
(Via 9to5Mac)