Mint Mobile Was Hit by a Data Breach
The Company Disclosed That It Suffered a Data Breach in Which Subscribers’ Account Data Was Accessed.
It seems that the Mint Mobile data breach happened when an unauthorized person obtained access to subscribers’ account information and in this way succeeded in porting phone numbers to another carrier.
Mint Mobile is an American telecommunications company selling mobile phone services and operating as an MVNO on T-Mobile’s cellular network in the US.
The company sent a data breach notification email to the affected subscribers saying that between June 8th and June 10th, a threat actor ported the phone numbers for a “small” number of Mint Mobile subscribers to another carrier without authorization.
Mint Mobile also disclosed that an unauthorized person potentially accessed subscribers’ personal information, such as call history, names, addresses, emails, and passwords.
“Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers’ phone numbers, including yours, were temporarily ported to another carrier without permission.
“While we immediately took steps to reverse the process and restore your service, an unauthorized individual potentially gained access to some of your information, which may have included your name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number, and subscription features.”
At this time, Mint Mobile has not disclosed how the threat actor gained access to subscribers’ information. Based on the data that was accessed, it is possible that the attackers hacked user accounts or compromised a Mint Mobile application used to manage customers.
The company created a more detailed post explaining the Mint Mobile data breach on its Reddit page, in an attempt to make things clearer.
“We’ve been reading your inquiries about the recent security concerns. Despite deeply wanting to respond to your questions, we haven’t been able to due to some pretty rigid compliance regulations around what we can share publicly, especially while we engage with law enforcement.
“So what happened? We can’t share much, but in short, Mint Mobile was the victim of a social engineering incident last month that impacted a small number of subscribers. We have been in contact with impacted subscribers and quickly restored their services. We also continue to investigate this incident.
“Since the incident, we have further strengthened our efforts and processes around our security platform, both subscriber-facing and back-of-the-house systems. We will share additional subscriber-facing changes and enhancements with Reddit when they go live.
“Since our investigation is ongoing, and we continue to cooperate with law enforcement, we are unable to respond to specific comments and questions at this time. Please rest assured that we will continue to read every comment. We take security and user privacy very seriously.”
The incident sheds light on the importance of strong security for customer-facing support systems, so that companies do not become victims of malicious attacks.