T-Mobile confirms SIM swapping attacks led to breach

T-Mobile has confirmed a data breach that was caused in part by SIM swapping attacks, according to a statement from the company.

The T-Mo Report, a blog tracking T-Mobile, obtained internal reports showing that some data was leaked from a subset of customers. The customers, according to The T-Mo Report, come in three varieties. 

Some had their customer proprietary network information (CPNI) leaked, others had their SIMs swapped and a small group suffered from both. CPNI includes information about a customer’s plan, the number of lines, the phone numbers, the billing account and more.  

When pressed for comment by ZDNet, T-Mobile refused to go into detail about the attack and would not say how many customers were affected in the incident.

“Our people and processes worked as designed to protect our customers from this type of attempted fraud that unfortunately occurs all too frequently in our industry,” a T-Mobile representative said in response to questions from ZDNet. 

The company told Cnet and Bleeping Computer that they sent notices to “a small number of customers” that were dealing with SIM swapping attacks, calling the attacks “a common industry-wide occurrence.”

A T-Mobile representative wrote on Twitter that the company “is taking immediate steps to help protect all individuals who may be at risk from this cyberattack.” 

The company is coming off of a massive data breach in August where the sensitive information of more than 50 million current, former and prospective customers was exposed. This included names, addresses, social security numbers, driver’s licenses and ID information for about 48 million people.

T-Mobile users have long criticized the carrier for their lackluster support for SIM swapping victims. The company has repeatedly announced SIM swapping attacks and data breaches since 2018.