T-Mobile confirms data breach was caused by SIM-swapping attack

SIM Card vs eSIM
(Image credit: Future)

A “very small group” of T-Mobile customers in the United States fell victim to a SIM-swapping attack, the telecoms operator has confirmed.

In a statement, the company said affected customers were notified of the attack, and the company acted quickly to mitigate the threat.

"We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed," T-Mobile told BleepingComputer.

Big telecoms targeted

"Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf."

"We are not providing any additional information at this time. Thank you!”, the statement concluded.

A SIM swap attack is a fraudulent activity in which the telecommunications operator is tricked into assigning a mobile phone number to a different SIM card. It’s a popular, and very dangerous attack, given that many people use SMS for two-factor authentication

By redirecting SMS messages to the attacker’s mobile device, they’re often able to log into banking services, clear out the funds, or steal their identities for other purposes.

As a major telecoms provider, T-Mobile is often the target of identity theft and similar fraudulent activities. Customers are advised to be extra careful when getting SMS messages, or emails, claiming to be from T-Mobile. Also, they should be careful not to open any links in those messages, before confirming the authenticity of the sender.

Account takeover is such a widespread thing that T-Mobile has an entire support page devoted to it.

  • You might also want to check out our list of the best antivirus solutions out there

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.