The organization said the activity was most likely either the viewing of customer proprietary network information (CPNI), an active SIM (subscriber identity module) swap by a malicious actor, or possibly both.
If it was CPNI, then the hackers could have taken advantage of a customer’s account name, phone number, rate plan, and more. “That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers,” T-Mo said.
On the other hand, if it was a SIM swap, things could be worse. Hackers could gain control of a customer’s phone number. In that situation, it could lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number, T-Mo said. However, the document shared with T-Mo indicated that anyone affected by a SIM swap had lucked out and that action was reversed.
T-Mobile responds
When ConsumerAffairs asked T-Mobile for a comment about the breach, the company confirmed the issue and said that it has corrected it.
“We were informed [by] a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf,” a company spokesperson said in an email.
In addition, T-Mobile Help responded to a question posted on Twitter by saying that it was “taking immediate steps to help protect all individuals who may be at risk from this cyberattack.” It followed by saying users could send it a direct message to discuss steps to increase account security.
T-Mo also reported that customers who notified T-Mobile of unauthorized activity on their account have had notes added to their account for reps to see when accessing them.