Pierluigi Paganini December 23, 2023
Mint Mobile experienced a recent data breach, exposing customers’ personal information to unauthorized access by threat actors.
Mint Mobile is a mobile virtual network operator (MVNO) that offers prepaid mobile phone services. As an MVNO, Mint Mobile doesn’t own its own wireless infrastructure. In March of 2023, T-Mobile US acquired the mobile virtual network operator.
The company is investigating into the incident with the help of leading forensic cybersecurity experts.
On December 22, 2023, Mint Mobile started notifying impacted customers.
“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information. Our investigation indicates that certain information associated with your account was impacted.” reads the data breach notification email sent to the impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers. We never collect dates of birth or government-assigned identifiers like social security numbers or driver license ”
Mint pointed out that financial data and passwords were not exposed.
Exposed information includes Names, Number, Email Address, SIM Serial Number and IMEI, and Service Plan info. The company did not disclose the number of impacted customers.
Bleeping Computer correctly pointed out that threat actors can use the exposed data to carry out SIM swapping attacks
In July 2021, Mint Mobile disclosed another data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)