Mint Mobile virtual operator reports data breach exposing customer data

Mint Mobile reported a data breach, revealing that the personal details of its customers were compromised. This breach could potentially enable SIM swap attacks due to the nature of the exposed data.

As a subsidiary of T-Mobile, Mint Mobile specializes in affordable, pre-paid mobile services. The breach notification, sent to customers on December 22nd 2023, highlighted a security lapse resulting in unauthorized access to limited customer information. This information includes:

• names,
• phone numbers,
• email addresses,
• SIM serial numbers,
• IMEI numbers,
• details of purchased service plans.

No details about the number of affected individuals is disclosed.

Credit card numbers and encrypted passwords were not compromised in this breach, though it remains unclear if hashed passwords were accessed.

The information exposed is particularly alarming because it is sufficient for executing SIM swap attacks, where an attacker transfers a victim's phone number to their device. This allows them to bypass multi-factor authentication by intercepting one-time passwords, a tactic often used to infiltrate cryptocurrency exchange accounts.

Despite the breach, Mint Mobile has advised customers that no immediate action is required and has provided a dedicated customer support number (949-704-1162) for queries.