Google Fi Customers Suffer the Fallout From T-Mobile Breach
The confirmation comes nearly two weeks after the breach of 37 million customers of T-Mobile, Google’s primary cellular network provider.
This week, Google confirmed a breach of customer data. In an email to Google Fi users, the company apprised users of the breach relating to a “third party.” The breach comes nearly two weeks after the breach of 37 million customers of T-Mobile, Google’s primary cellular network provider.
Google did not spell out the T-Mobile breach as the cause of the breach of its mobile virtual network operator (MVNO) service. However, there has been no breach at US Cellular, the other carrier that Google leverages for Fi. Connect the dots, and it is reasonably clear that the incident is related to the January 2023 T-Mobile breach, the carrier’s eighth since 2018.
Erich Kron, security awareness advocate at KnowBe4, told Spiceworks, “This is another example of where subcontracting services to others can result in problems for the main organization. While this practice is fairly common, when issues arise, the results can still be significant.”
“Given the history of breaches related to T-Mobile, it would have been wise for Google to require additional and more stringent security measures than perhaps T-Mobile currently has in place.”
Data that was compromised includes the phone numbers, SIM card serial number, when the account was activated, account status (whether active or inactive), and mobile service plan details (whether unlimited SMS, international roaming, etc.). Customer names, emails, payment card or financial account information, social security numbers, tax or government IDs, passwords and message contents have not been compromised.
Comparatively, in the T-Mobile breach, the threat actor(s) accessed names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers and other information, including the number of lines on the account and plan features.
However, Google’s email to one customer revealed that the hackers could target them in a SIM-swapping attack for a better part of two hours.
“On January 1, 2023, for about 1 hour 48 minutes, your mobile phone service was transferred from your SIM card to another SIM card. During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card,” Google’s notification to the user reads.
It is unclear how many other Google Fi customers faced similar emails.
“Cellular networks are very concerning when it comes to a breach as many people protect financials using Multi-Factor Authentication (MFA) through SMS messages. If bad actors are able to SIM swap or receive these messages in place of the user, it can render the protection otherwise provided by MFA useless,” Kron continued.
“No matter whom you are contracting services from, it’s important to understand the risks which you then accept as part of that partnership. Security measures should be reviewed on a regular basis and consideration, up to and including termination of contracts, must be made when a subcontractor fails to protect your data.”
In its email, Google said it worked with the “primary network provider” and identified and implemented measures to secure the data and notified everyone impacted.
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!