Google’s cell network provider Google Fi has confirmed a data breach, likely related to the recent security incident at T-Mobile, which allowed hackers to steal millions of customers’ information.
In an email sent to customers on Monday, obtained by TechCrunch, Google said that the primary network provider for Google Fi recently informed the company that there had been suspicious activity relating to a third-party support system containing a “limited amount” of Google Fi customer data.
The timing of the notice — and the fact that Google Fi uses a combination of T-Mobile and U.S. Cellular for network connectivity — suggests the breach is linked to the most recent T-Mobile hack. This breach, disclosed on January 19, allowed intruders access to a trove of personal data belonging to 37 million customers, including billing addresses, dates of birth and T-Mobile account details. The incident marked the eighth time T-Mobile has been hacked since 2018.
In the case of Google Fi’s breach, Google says the hackers accessed limited customer information, including phone numbers, account status, SIM card serial numbers and information related to details about customers’ mobile service plans, such as whether they have selected unlimited SMS or international roaming.
Google said that the hackers did not take customers’ personal information or payment card data, passwords, PINs or the contents of text messages or calls.
While some emails told customers that there is “no action required,” at least one Google Fi customer claimed in a Reddit post that their disclosure said that their phone number had been briefly hijacked, known as SIM swapping. Google reportedly told the customer that the intruders had transferred their number for close to two hours, during which they “could have involved the use of your phone number to send and receive phone calls and text messages.” This technique is used by hackers to gain access to a victim’s other online accounts that are protected by the same, albeit hijacked phone number.
TechCrunch asked Google whether it could confirm that the incident was linked to the recent T-Mobile breach but has yet to receive a response. It’s not immediately clear how many Google Fi subscribers have been affected by the breach. Google hasn’t made public how many cell subscribers it has in total.
In its email to customers, the company said it is working with the as-yet-unnamed network provider to “identify and implement measures to secure the data on that third-party system and notify everyone potentially impacted.” It added that there was no access to Google’s systems or any systems overseen by Google.
Updated to remove a sentence related to customer voicemails.
https://techcrunch.com/
A notable development for the fraught issue of cross-border data flows from the Organisation for Economic Co-operation and Development (OECD) Wednesday: After two years of closed-door discussions, the intergovernmental organization has adopted a declaration on government access to data held by private sector entities. The declaration, which has been adopted by the 38 OECD countries […]
Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes, has been hit by a ransomware attack that forced several European and U.S. banks to revert to manual processes. The cyberattack, which TechCrunch learned about on Tuesday, affected Ion’s Cleared Derivatives division, which provides software for automating the trading lifecycle and the […]
Royal Mail CEO Simon Thompson has confirmed that a cyberattack is to blame for the ongoing disruption at the U.K. postal giant. The admission comes almost a week after Royal Mail first said it was hit by an unspecified “cyber incident” that left the British mail service unable to dispatch items to overseas destinations. “We’ve confirmed that we’ve had a […]
Leave a Reply