Some Mint Mobile subscribers were the victim of a data breach that could lead to SIM swaps
While we wait for the FCC to allow T-Mobile to purchase Mint Mobile, the MVNO (Mobile Virtual Network Operator) continues to run independently. Just yesterday Android Police reported that Mint Mobile customers were the victim of a data breach. The data compromised includes customer names, phone numbers, email addresses, SIM/IMEI numbers, and information related to the Mint Mobile plan used by the customers who were the victims of the data breach.
Mint Mobile says that customers are not required to take any further action after Mint said that it has fixed "the underlying issue." Mint Mobile sent out emails to affected customers pointing out that information like social security numbers and driver license numbers are not collected by Mint so that data is not part of the data breach.
On the other hand, with the stolen SIM serial number, an attacker can switch the victim's phone number to another device controlled by the attacker. This allows the criminal to sign in to banking, securities, and other financial apps belonging to the Mint Mobile customer by hijacking OTPs (one-time passwords that are sent to verify a user's identity) and using them to sign into these apps to take control of credit cards, stocks, cash, and other personal property.
It is important to point out that as of now, there is no sign that this data breach has led to SIM swap attacks against Mint Mobile subscribers.
Mint Mobile notified affected customers about the data breach by sending out an email
Mint Mobile customers suffered through another Data Breach in July 2021 and that time customer passwords were included in the personal data that was part of the data breach. Prospective Mint Mobile acquirer T-Mobile has been the subject of multiple data breaches itself including one in January 2023 that coughed up personal information about 37 million customers.
As an MVNO, Mint Mobile does not own any cell towers or wireless networks of its own. It essentially resells service from T-Mobile at a profit. If you're a Mint Mobile customer and received the email from the company disclosing the data breach, chances are that your personal data has been compromised. Mint Mobile set up a special customer service number for those with questions about the data breach. That number is (949) 704-1162.
To prevent a repeat of this incident, Mint Mobile says that it is partnering with "independent security experts."
Things that are NOT allowed: