Mint Mobile, the MVNO (Mobile Virtual Network Operator) that is awaiting FCC approval to be acquired by T-Mobile, has suffered another data breach that affects some of its customers. The breach was reported by Android Police yesterday, and Mint Mobile has confirmed it in an email to the impacted customers.
Email addresses, phone numbers, SIM/IMEI numbers, names, and plan details for Mint Mobile customers were all exposed in the data breach, according to the email. According to the email, clients don’t need to take any additional action because Mint Mobile has rectified “the underlying issue.” However, neither the date of the breach nor the method by which the attackers obtained access to the data were mentioned in the email, nor did it indicate how many customers were impacted.
The data breach poses a serious threat to the customers, as it could enable SIM swap attacks. A SIM swap attack is when an attacker uses the stolen SIM serial number to transfer the victim’s phone number to a device that they control. This way, the attacker can intercept OTPs (one-time passwords) that are sent to the phone number to verify the identity of the user. The attacker can then use the OTPs to log into the victim’s financial accounts, such as banking, securities, and other apps, and steal their money, stocks, or other assets.
Although there isn’t any proof that the data leak has led to any SIM swap assaults as of yet, Mint Mobile urged users to be caution and report any unusual activity on their accounts. In order to ensure that no data was hacked, Mint Mobile also stated that it does not gather or keep sensitive data, such as driver’s license or social security numbers.
This is not the first time that Mint Mobile has experienced a data breach. In July 2021, Mint Mobile disclosed another data breach that exposed customer passwords, along with other personal data. Mint Mobile said that it reset the passwords of the affected customers and implemented additional security measures. However, the repeated data breaches raise questions about Mint Mobile’s security practices and customer trust.
Mint Mobile is not the only one that has faced data breaches in the wireless industry. T-Mobile, the company that plans to buy Mint Mobile, has also suffered multiple data breaches in the past, including one in January 2023 that leaked personal information of 37 million customers. T-Mobile said that it was working with law enforcement and cybersecurity experts to investigate the breach and protect its customers.
Mint Mobile is an MVNO that operates on T-Mobile’s network, but does not own any cell towers or wireless infrastructure of its own. It offers low-cost wireless plans to customers who bring their own devices. Mint Mobile said that it has set up a special customer service number for those who have questions or concerns about the data breach. The number is (949) 704-1162.
Mint Mobile also said that it is partnering with “independent security experts” to prevent future data breaches and enhance its security posture. Mint Mobile apologized to its customers for the inconvenience and assured them that it is taking the matter seriously. Mint Mobile said that it values its customers and their privacy, and that it is committed to providing them with a safe and reliable wireless service.