- Mint Mobile says its customers’ names, phone numbers, SIM/IMEI, and plan details have been compromised in a new data breach. Customers do not need to take any further action as the carrier has resolved the “fundamental issue”.
- Such data breaches can lead to SIM swap attacks, where attackers port the victim’s phone number to their own devices.
- Mint Mobile faced a similar data breach in 2021, while major companies like T-Mobile, AT&T, and Verizon have all witnessed breaches this year.
Data breaches can have a devastating impact on any company, depending on the scale and importance of the compromised data. Although modern technology companies try to protect their infrastructure from such incidents, attackers always tend to find a way to penetrate their systems. virtual mobile network operator or MVNOMint Mobile is the latest victim of a data breach, the company confirmed over the weekend.
The carrier began sending emails to customers about the data breach on Friday, a Reddit user reported. A company representative subsequently acknowledged the development and directed me to contact customer support. 949-704-1162. The email further states that this number was set up to answer “specific questions” regarding the breach.
Mint also revealed what type of data was compromised, including customer names, phone numbers, SIM numbers, IMEI numbers, and a “brief description” of the plans they subscribed to. The good news is that subscribers don’t need to take any steps to secure their accounts, and the same email says the “fundamental issue” has been fixed. Additionally, Mint said it is partnering with “independent security experts” to ensure this incident is not repeated in the future.
The next best thing is that passwords, social security numbers, and credit card information were reportedly not included in the breach. However, this does not exclude the possibility of a significant increase in spam messages and phone calls for Mint customers. The MVNO did not say how many were affected, but if you received this email, you may be one of them.
As Bleeping Computer points out, this breach has even more serious implications (from The Verge). Data obtained as part of this breach could be used to perform SIM swap attacks. This is a type of attack in which the victim’s phone number is ported to the attacker’s device, bypassing protections such as one-time passwords (OTPs) commonly used to perform online transactions. It is important to note that at this time there is no evidence that a SIM swap attack was performed as part of this data breach.
Mint Mobile is currently in the process of being acquired by T-Mobile and is awaiting regulatory approval. The latter has considerable experience in dealing with data breaches, including an attack in January 2023 in which he compromised the details of 37 million subscribers. This year, carriers such as AT&T and Verizon were also affected by similar incidents, with both companies later blaming third-party vendors. This isn’t Mint Mobile’s first rodeo either, as the MVNO faced a similar breach in July 2021, and passwords were also included in the list of compromised materials.