T-mobile in August, experienced a large data breach, touching more than 50 million current, former, and potential T-Mobile subscribers, and Currently the cellular firm is dealing with another minor data breach event.
However, claims yesterday revealed that T-Mobile was aware of illegal activity impacting certain user accounts, and today, T-Mobile has verified that the reports were due to SIM swap assaults affecting a “very limited number of consumers.”
In a statement to Bleeping Computer, T-Mobile claimed that affected consumers had been told that they had been the target of SIM swap attacks. In a SIM swap attack, social engineering is used to convince T-Mobile personnel to transfer the phone numbers associated with a person to someone else, enabling attackers to take over a phone number. This may be disastrous since phone numbers are commonly connected to email accounts, financial accounts, and other critical information.
We advised a very small number of clients that the SIM card associated with a mobile number on their account may have been unlawfully transferred or restricted account information was seen.T-Mobile
Unauthorized SIM swaps are regrettably an industry-wide occurrence, although this problem was immediately resolved by our team, utilizing our in-place protections, and we proactively implemented further preventative actions on their behalf.
T-Mobile says that the assault has been relieved and that the issue has now been revised. However, the organization has not given explicit details on the number of clients affected nor how the programmers had the option to execute the SIM trade assaults.
In the August information break, assailants had the option to acquire telephone numbers, addresses, birth dates, federal retirement aid numbers, driver’s permit and ID data, IMEI numbers, and IMSI numbers for more than 50 million individuals, with the data made available for purchase.
T-Mobile CEO Mike Sievert apologized for the break at that point and said that T-Mobile was “genuinely grieved” for the episode, which was the consequence of a “troublemaker” who utilized information on T-Mobile’s specialized frameworks to get close enough to testing conditions, utilizing savage power assaults to get to T-Mobile’s IT servers.
To forestall future assaults, T-Mobile entered into a drawn-out organization with online protection specialists at Mandiant and with counseling firm KPMG LLP, and the organization said that it was arranging a long-term venture to further develop security.