Mint Mobile Warns Customers of Data Breach: Personal Data Can Be Used For SIM Swap Attacks

An unauthorized access was made to steal customer information and use it in SIM swapping scams.

Mint Mobile, a prominent mobile virtual network operator (MVNO) under T-Mobile, has reported a significant data breach that puts customer information at risk.

The breach, which the company has already addressed, has potential implications for SIM swap attacks. Here's what you need to know about this security incident.

Mint Mobile Notifies Users About the Attack

Mint Mobile Warns Customers of Data Breach: Personal Data Can Be Used For SIM Swap Attacks
Mint Mobile, which operates under T-Mobile, has suffered from a data breach that impacted the data of its customers. According to the operator, the incident has enough information to launch SIM swapping attacks. Mint Mobile

According to Bleeping Computer, Mint Mobile began notifying its customers on Dec. 22, alerting them to an important security incident. Customers received emails titled "Important information regarding your account," acknowledging a breach where a hacker accessed sensitive customer data.

Exposed Customer Data

Since the stakes are high for Mint Mobile, it's important to inform the customer what type of data the hack affects. The telecom startup that Deadpool star Ryan Reynolds owned shares some of the compromised information, which includes:

  • Name
  • Telephone number
  • Email address
  • SIM serial number and IMEI number
  • Brief service plan description

Credit card numbers are not among the exposed data, as Mint Mobile confirms they do not store such information. Additionally, the company emphasizes the robust protection of passwords through advanced cryptographic technology.

Potential for SIM Swap Attacks

The exposed data poses a risk of SIM swap attacks. Threat actors could leverage this information to port a person's number to their own device. Once in control, attackers may attempt unauthorized access to online accounts by exploiting password resets and OTP codes used in multi-factor authentication.

"If you received a notice via email from no-reply@account.mintmobile.com on December 22, 2023, it is from Mint and is not a scam. The Customer Care number was set up to handle specific questions about this communication," a Mint moderator explained on Reddit.

Customer Assurance

Mint Mobile reassures customers that, despite the breach, they do not need to take immediate action. Any inquiries or concerns can be directed to Mint Mobile's customer support at 949-704-1162, a number explicitly set up to handle questions related to the data breach.

Previous Indications of a Breach

While Mint Mobile has not disclosed the specific breach details, a previous report from FalconFeeds in July 2023 indicated an attempt by a threat actor to sell Mint Mobile data on a hacking forum. The offered data allegedly included the last four digits of customers' credit cards.

Historical Breach Instances

This incident isn't Mint Mobile's first encounter with data breaches. In 2021, an unauthorized person accessed subscriber account information, leading to phone number porting. Moreover, Mint Mobile's parent company, T-Mobile, faced a massive data breach in January 2023, impacting 37 million accounts. A smaller breach affecting 836 customers occurred in May 2023.

Are Mint Mobile Plans Worth it?

According to Business Insider, you can save significant money when you purchase a plan through Mint. It's cheaper than what you can get from most carriers in the US. However, the only caveat you will experience here is the required payment for your date in advance. Other than that, its plans are worth your buck, and even then, Mint has discounts for customers who want to avail of them.

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics