Google's cell network provider, Google Fi, has announced a data breach that is believed to be related to the recent security incident at T-Mobile

Continue reading
Google's cell network provider, Google Fi, has announced a data breach that is believed to be related to the recent security incident at T-Mobile. This security breach, disclosed on January 19, allowed hackers to steal the personal data of 37 million T-Mobile customers. This marks the eighth time T-Mobile has been hacked since 2018.
Google sent an email to its customers on Monday, confirming the data breach. According to the email obtained by TechCrunch, the primary network provider for Google Fi recently informed the company of suspicious activity related to a third-party support system that contained a limited amount of Google Fi customer data. The information accessed by the hackers included phone numbers, account status, SIM card serial numbers, and details about mobile service plans, such as unlimited SMS and international roaming.

*Google Fi's Data Breach Notification to its customers*
Thankfully, the hackers did not access customers' personal information, payment card data, passwords, PINs, or the contents of text messages or calls. However, at least one Google Fi customer claimed that their phone number had been briefly hijacked, also known as SIM swapping. The intruders transferred the customer's number for close to two hours, during which they could have used it to make and receive phone calls and text messages. Hackers use this technique to access a victim's other online accounts protected by the same, albeit hijacked, phone number.
Google officials were asked to confirm the connection between this breach with the T-Mobile breach, but the company didn't respond to anything. It is not immediately clear how many Google Fi subscribers have been affected by the breach, as the company has not made public the number of its cell subscribers.
In its email to customers, Google stated that it is working with its network provider to identify and implement measures to secure the data on the third-party system and notify those potentially impacted. The company assured its customers that there was no access to Google's systems or any systems overseen by Google.
T-Mobile has suffered from several security incidents in the past, compromising its users' data. In 2022, a phishing attempt targeted T-Mobile that used unblockable texts sent over SMS group messages to deliver malicious websites. The phishing SMS convinced recipients to click on a malicious link by luring them with the hope of receiving a gift, but the links may have directed them to fraudulent websites that attempted to steal their account passwords or personal information, as well as install malware.
In January 2022, T-Mobile suffered a small data breach due to a SIM swapping attack. The breach exposed personal plan information and possibly allowed attackers to view a customer's proprietary network information, including the billing account name, phone number, and account number.
T-Mobile has also experienced several data breaches in the past. In 2018, hackers gained access to information belonging to 3% of T-Mobile users. In 2019, T-Mobile exposed prepaid customers' data, and in 2020, hackers obtained access to T-Mobile workers' email accounts. In December 2020, hackers accessed customers' confidential network information, including phone numbers and call records. In February 2021, threat actors gained access to an internal T-Mobile application, and in August 2021, they brute-forced their way through the network. T-Mobile confirmed that there is no link between the earlier data breaches and the recent phishing attempts and advised its customers to exercise caution when communicating with unknown senders or receiving unexpected messages.
This latest data breach highlights the importance of cybersecurity awareness and the need for companies to protect their customers' personal and sensitive information. With hacking incidents on the rise, individuals and organizations must take the necessary steps to secure their information and prevent potential data breaches.
Google Fi customers are strictly advised to keep a close eye on their account activity and report any suspicious activity to the company immediately. The company has promised to continue working with its network provider to ensure the security of its customers' data.
With the rise in hacking incidents, individuals and organizations must take the necessary steps to secure their information and prevent potential data breaches. Google Fi is working with its network provider to confirm the data and notify those potentially impacted, but it is unclear how many customers have been affected.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been