Mint Mobile Breach: Customers May Face SIM Swap Attacks
Mint Mobile, a mobile virtual network operator owned by actor Ryan Reynolds and due to be bought by T-Mobile for $1.3 billion, has reported a significant data breach. The breach occurred in March 2023 and puts customers at risk of SIM swap attacks.
Known for offering prepaid mobile phone services, Mint Mobile revealed that threat actors gained unauthorized access to customers' personal information. The breach notification, issued on December 22, 2023 via email, stated:
"We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information."
The compromised data includes customers' names, phone numbers, email addresses, SIM serial numbers, IMEI numbers (device identifiers), and details about their service plans. Mint Mobile has clarified that sensitive financial data and passwords were not exposed in the breach, offering some relief to affected users.
Mint Mobile is actively investigating the incident, working with cybersecurity experts to understand the full scope and impact of the breach. The company, emphasizing its commitment to privacy and security, highlighted that it does not collect dates of birth or government-assigned identifiers like social security numbers or driver's licenses.
Security experts have expressed apprehension regarding the exposed data, emphasizing the risk of SIM swapping attacks. The compromised SIM serial numbers and IMEI numbers could provide threat actors with the means to take control of users' numbers, potentially leading to unauthorized access to online accounts.
This is not the first time Mint Mobile has faced such security challenges. In July 2021, the company disclosed a data breach where an unauthorized attacker accessed subscribers' account information and initiated the transfer of compromised phone numbers to another provider.
Mint Mobile has assured customers that immediate action is not required, and a dedicated customer support number (949-704-1162) has been set up to address enquiries related to the breach, as confirmed by a Mint moderator on Reddit.
Please, comment on how to improve this article. Your feedback matters!