It looks like T-Mobile is cursed to encounter frequent security incidents, affecting its customers’ sensitive information. After reporting a security intrusion in August 2021, the American telco giant reportedly again sustained a cyberattack that exposed users’ data and SIM details.

T-Mobile is taking immediate steps to help protect all individuals who may be at risk from this cyberattack. If you have any questions, send us a DM and we can discuss steps to increase your account security. ^KenStone

— T-Mobile Help (@TMobileHelp) December 28, 2021

According to a report, unknown hackers accessed customer accounts to view customer proprietary network information (CPNI) or launch SIM swapping attacks.

Data Breach or SIM Swap  

The report stated T-Mobile customers either had their CPNI exposed or fell victim to a SIM swapping attack, or both. The CPNI information includes customers’ billing account names, phone numbers, number of lines on the account, account numbers, and mobile plan details.

What is SIM Swapping?

In a SIM swapping attack, cybercriminals call service providers and trick them into changing a victim’s phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and access victims’ sensitive data via bypassing users’ 2FA protection.

Customers Data at Risk

While there is no information on how many customers were affected by the incident, T-Mobile stated it had notified the impacted users.

“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence. However, this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf,” T-Mobile said in a media statement.

One Telecom – Multiple Data Breaches

Unfortunately, this is not the first security incident for T-Mobile  this year. Recently, in August, that company confirmed an unauthorized intrusion that affected customers’ sensitive data. T-Mobile also suffered data breach incidents in February and March that exposed users’ data to various security risks. While T-Mobile did not reveal the details about the kind of data breached or the number of affected users, a report claimed that attackers obtained sensitive information related to over 100 million users from T-Mobile servers.

Earlier, the company also recommended a few mitigation tips to its customers, who are concerned about their private data being vulnerable; these include:

• Monitor all your accounts to find any unauthorized/fraudulent activity. Don’t forget to report if you find any suspicious activity.
• Use a credit monitoring service to ensure data privacy.
• Do not respond to suspicious emails/messages received from unknown sources.
• Change passwords of all your online accounts.

Constant security incidents could bring multiple and severe repercussions to organizations, such as losing customers’ trust and impacting brand value. Therefore, organizations must implement robust and continuous cybersecurity measures to mitigate security incidents.

The post T-Mobile Reports Data Breach for the Third Time in 2021 appeared first on CISO MAG | Cyber Security Magazine.