T-Mobile is still suffering from data breaches, although its latest headache may be more reflective of the phone business at large. The carrier has confirmed to Bleeping Computer that a recent data breach stemmed from SIM swapping attacks. Intruders compromised a “very small number” of customers by reassigning SIM cards or viewing “limited” account info, T-Mobile said.
It’s not clear what methods the attackers used, but SIM swaps are frequently used to take control of internet accounts and circumvent SMS-based two-factor authentication. The attacks sometimes rely on tricking or paying carrier staff to make the swaps.
The provider said it “quickly corrected” the problem using existing measures and took further steps to protect targets. The company also contended that swaps are a “common industry-wide occurrence.” While that’s sadly true, that won’t be much help for victims — it could be a long while before SIM swap attacks are impractical.