T-Mobile reportedly closes out the year with yet another data breach

Know the Tech.
December 29, 2021

What you need to know

  • Some T-Mobile customers have reportedly been notified of unauthorized activity on their accounts.
  • Internal T-Mobile documents show that "unknown actors" had access to customers' personal information including the account number, name, and phone numbers on the account.
  • Some customers also had an unauthorized SIM swap which led to the device's number to point to another device.
  • T-Mobile has notified affected customers and the SIM swaps have been reversed.

As uncovered by The T-Mo Report, some T-Mobile customers have been notified about a data breach on their wireless T-Mobile accounts. This is reportedly part of an internal document that shows how to identify an affected account which includes CPNI and SIM memos applied on December 23, 2021.

The account memos include CPNI, SIM, and CPNI + SIM depending on which type of activity T-Mobile detected. CPNI refers to customer information such as the account name, number, phone numbers, number of devices, rate plan name, and how much it costs. While this information can seem harmless, it can be useful for a scammer to seem more legitimate when talking to you or people you know.

The SIM memo refers to accounts that have had an unauthorized SIM card change on their account. The memo indicates that an unknown person had swapped the SIM card to point to another device. T-Mobile has now reversed these changes and put the SIM back to the correct device. T-Mobile notes that TMO usernames and passwords combinations nor stored payment methods were accessed.

The final memo is a combination of the two with CPNI + SIM indicating that both conditions were met. A SIM Card Change Block has been implemented on these accounts.

It's important to remember how to avoid scams during the holidays and to be very careful about what information you give out. If you're not sure if a call from your carrier is legitimate, hang up and contact support directly or even visit a corporate store. You should also be using two-factor authentication whenever possible with a proper app so you can stop relying on SMS for authentication, of course, this follows a larger T-Mobile data breach that took place back in August of 2021 that affected 100 million customers.

We have reached out to T-Mobile for comment and will update this article if we receive a reply.



from androidcentral