Mint Mobile discloses new data breach exposing customer data

Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks.
Mint is a mobile virtual network operator owned by T-Mobile, offering budget, pre-paid mobile plans.
The company said they resolved the breach and are working with third-party cybersecurity experts to secure their systems.
Mint says they do not store credit card numbers, so they were not exposed.
The company did not make it clear from this statement if hashed passwords were accessed by the attacker.
The exposed data is concerning, as it is enough information for a threat actor to conduct SIM swapping attacks, which is when an attacker ports a person's number to their own device.
Once they gain access to the number, they can try to access the user's online accounts by performing password resets and receiving the OTP codes to get past multi-factor authentication.
Threat actors commonly use this technique to breach accounts at cryptocurrency exchanges, stealing all assets stored in the online wallet.
Mint says that customers do not need to take any action and can call customer support at 949- 704-1162 with any questions.
A Mint Reddit moderator has confirmed that this number was set up specifically to handle questions about the data breach.
While Mint has not disclosed details on how they were breached, the FalconFeeds threat intel service reported in July 2023 that a threat actor attempted to sell data on a hacking forum that was allegedly stolen from Mint Mobile and Ultra Mobile.
The threat actor said the data is a few months old but contained the last four digits of customers' credit cards, so it is unclear if the incident is related to the disclosed breach.
Mint Mobile previously suffered a data breach in 2021 when an unauthorized person accessed subscribers' account information and ported phone numbers to another carrier.
More recently, Mint's parent company, T-Mobile, suffered a massive data breach in January 2023 that exposed the data of 37 million accounts.
In May 2023, they suffered an additional breach, but this was much smaller, only exposing the data of 836 customers.
BleepingComputer has contacted Mint with questions about the attack and whether hashed passwords were exposed but has not received a reply.
PJ&A says cyberattack exposed data of nearly 9 million patients.
Healthcare software provider data breach impacts 2.7 million.
The password attacks of 2023: Lessons learned and next steps.
Xfinity discloses data breach affecting over 35 million people.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 23 Dec 2023 01:40:24 +0000


Cyber News related to Mint Mobile discloses new data breach exposing customer data

New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs - Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and ...
11 months ago Microsoft.com
Mint Mobile discloses new data breach exposing customer data - Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator owned by T-Mobile, offering budget, pre-paid ...
11 months ago Bleepingcomputer.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
11 months ago Securityboulevard.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
10 months ago Securityzap.com
Adobe Real-Time CDP: Personalized Customer Experience - Adobe Experience Cloud Products like Adobe Real-Time CDP are available to assist. A revolutionary solution called Adobe Real-Time Customer Data Platform was created to assist companies in realizing the whole value of their customer data. Adobe ...
11 months ago Hackread.com
T-Mobile Admits to 37 Million Customer Records Stolen by ‘Bad Actor’ - In a shocking news, T-Mobile has admitted that 37 million customer records were stolen by a ‘bad actor’. This data breach happened sometime in the year 2020, when the mobile service provider suffered a data breach exposing personal information ...
1 year ago Nakedsecurity.sophos.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com
Google Fi User Data Breached Through T-Mobile Hack - According to Google Fi's email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile's breach after suspicious activity was noted in a system that contained Google Fi's customer data. Google Fi, Google's ...
1 year ago Hackread.com
Mobile Insecurity: Unmasking the Vulnerabilities in Your Pocket - Mobile devices have become indispensable companions in our daily lives, offering us instant access to a world of information and services. On average, mobile users interact with more than 20 applications each day, making these handheld marvels ...
11 months ago Cyberdefensemagazine.com
E-commerce Security: Protecting Customer Data - In today's digital landscape, ensuring the security of customer data in e-commerce is a crucial concern for businesses. Protecting e-commerce data security is a complex task that requires a comprehensive understanding of the challenges faced by ...
10 months ago Securityzap.com
Review: Top 5 For Outsourced Customer Service Solutions UK and Abroad - For companies that have too many phone calls and emails to keep up, it is very common to outsource your customer services, either domestically in the UK or abroad to the likes of India or The Philippines. An outsourced customer service firm can ...
5 months ago Itsecurityguru.org
Is Your Organization Infected by Mobile Spyware? - The surge in mobile device usage within organizations has inevitably opened the floodgates to a new kind of cyber threat-mobile spyware. The growing dependence on mobile technology has made it imperative for organizations to recognize and mitigate ...
1 year ago Blog.checkpoint.com
Verizon insider data breach hits over 63,000 employees - Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and ...
10 months ago Bleepingcomputer.com
Kroll reveals FTX customer info exposed in August data breach - Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants. Kroll said the exposed data included coin holdings and balances, which ...
11 months ago Bleepingcomputer.com
The Rise of Digital Customer Experience - Digital customer experience is a hot topic these days. In all seriousness, digital customer experience is one of the most important differentiators for your business. At its core, DCX is about the customer journey-a guided path for your customers to ...
1 year ago Feedpress.me
Mobile Device Security: Protecting Your Smartphone - To ensure the safety of your smartphone and protect your personal data from unauthorized access, it is crucial to take proactive steps to enhance mobile device security. Enable device encryption: Enable device encryption on your smartphone to protect ...
10 months ago Securityzap.com
Ushering in the Next Phase of Mobile App Adoption: Bolstering Growth with Unyielding Security - In recent years, mobile apps have surged in popularity providing consumers with instant access to a variety of life essentials such as finances, education, and healthcare to life's pleasures such as shopping, sports, and gaming. With the popularity ...
1 year ago Cyberdefensemagazine.com
CVE-2023-38297 - An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of ...
7 months ago
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
11 months ago Securityboulevard.com
Iranian Phishing Campaign Targets Israel-Hamas War Experts - Iran-linked threat actors are targeting high-profile researchers working on the Israel-Hamas conflict via a sophisticated social engineering campaign, according to Microsoft Threat Intelligence. The threat actor Mint Sandstorm, which has ties to ...
11 months ago Infosecurity-magazine.com
EasyPark discloses data breach that may impact millions of users - Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users. EasyPark is a Swedish company that creates mobile and web apps ...
11 months ago Bleepingcomputer.com
Mortgage firm LoanCare warns 1.3 million people of data breach - Mortgage servicing company LoanCare is warning 1,316,938 borrowers across the U.S. that their sensitive information was exposed in a data breach at its parent company, Fidelity National Financial. LoanCare is a sub-servicing and interim sub-servicing ...
11 months ago Bleepingcomputer.com
Halara probes breach after hacker leaks data for 950,000 people - Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum. The Hong Kong company was founded in 2020 and quickly became very popular through the many ...
11 months ago Bleepingcomputer.com
Ticketmaster confirms massive breach after stolen data for sale online - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
6 months ago Bleepingcomputer.com
Live Nation finally confirms massive Ticketmaster data breach - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
6 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)