Just four months after disclosing a massive data breach, T-Mobile has again been hacked.
The newest breach affected a “small subset” of customers, according to T-Mo Report, which first reported on the hack. In some instances, the hacker or hackers obtained SIM cards as well customers' names, phone numbers and other data related to their billing plans, according to T-Mo Report. In other cases, hackers obtained just SIM cards, or just the plan-related data.
A T-Mobile spokesperson says the company informed "a very small number" of customers that their SIM cards "may have been illegally reassigned," or that "limited account information was viewed."
"SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf," the spokesperson added.
This latest cyberattack marks at least the fourth data breach for T-Mobile in the last four years.
The most recent prior attack was disclosed in August, when the company confirmed that hackers had obtained full names, birthdates, Social Security Numbers and driver's license information for more than 40 million former or prospective customers, as well as 7.8 million current customers. (The telecom collects that information when running credit checks of people who apply for post-paid accounts.)
News of that incident spurred calls for a crackdown on the company.
“If companies need to conduct a credit check, and they need the Social Security number to do that, that information should be collected in an encrypted fashion, and not stored,” Free Press research director S. Derek Turner said in August.
“It's flabbergasting that T-Mobile kept Social Security numbers of people who were no longer even customers of theirs,” he added. “No business should ever retain a Social Security number.”
Senator Ron Wyden (D-Oregon) responded to news of the August data breach by suggesting the Federal Communications Commission should issue fines “in the billions,” according to The Washington Post.
T-Mobile customers also filed numerous lawsuits over the August data breach. Those cases were consolidated into one potential class-action, which is currently pending in federal court in Missouri.