Mint Mobile has recently disclosed a data breach that compromised the personal information of its customers. Mint Mobile discovered and resolved the breach that exposed customer data that threat actors could potentially use for SIM swap attacks. It is one of the most concerning security incidents for the mobile carrier and its users. Notably, Mint Mobile does not store credit card numbers, and it claims to protect passwords with “strong cryptographic technology”.
In an email sent to customers titled “Important information regarding your account,” Mint Mobile informed users about the security incident, stating that an unauthorized actor obtained limited types of customer information. The exposed data includes customers’ names, telephone numbers, email addresses, SIM serial numbers, and IMEI numbers, along with a brief description of the service plan purchased. While the company assured customers about the security of their credit card numbers, it did not explicitly mention whether the hackers accessed hashed passwords or not.
Mint Mobile said that customers do not need to take immediate action in response to the new data breach
The exposed data is particularly worrisome as it contains information that could facilitate SIM swap attacks. With details like SIM serial numbers and IMEI numbers in hand, threat actors could attempt to port a person’s phone number to their device, potentially gaining unauthorized access to online accounts. Hackers commonly use this technique to breach accounts at cryptocurrency exchanges, where attackers exploit the compromised number to perform password resets and bypass multi-factor authentication.
Mint Mobile emphasized that customers do not need to take any immediate action in response to the data breach. However, the company set up a dedicated customer support number (949-704-1162) to address any questions or concerns related to the incident. A Mint Reddit moderator confirmed the legitimacy of the communication, assuring users that the company has provided the Customer Care number specifically to handle inquiries about the recent data breach.
While Mint Mobile did not disclose the specifics of how the breach occurred, reports from July 2023 suggested that a threat actor attempted to sell data on a hacking forum, claiming it was stolen from Mint Mobile and Ultra Mobile. The data allegedly included the last four digits of customers’ credit cards. It remains unclear whether this incident is connected to the recently disclosed breach.
This is not the first time Mint Mobile has faced such security challenges. In 2021, the company experienced a data breach where an unauthorized individual accessed subscribers’ account information and ported phone numbers to another carrier. Additionally, Mint Mobile’s parent company, T-Mobile, encountered substantial data breaches in January and May 2023, impacting millions of accounts. As Mint Mobile addresses this latest incident, it underscores the ongoing threats faced by companies in the telecommunications sector and the importance of robust cybersecurity measures.