Google Fi seemingly affected by latest T-Mobile data breach

Not everyone got this version of the notice. Here&#x27;s a reddit user who posted [1] that they were SIM swapped:<p>&gt; Additionally, on January 1, 2023 for about 1 hour 48 minutes, your mobile phone service was transferred from your SIM card to another SIM card. During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card.<p>[1]: <a href="https:&#x2F;&#x2F;old.reddit.com&#x2F;r&#x2F;GoogleFi&#x2F;comments&#x2F;10pjtie&#x2F;google_fi_data_breach&#x2F;j6kysv8&#x2F;" rel="nofollow">https:&#x2F;&#x2F;old.reddit.com&#x2F;r&#x2F;GoogleFi&#x2F;comments&#x2F;10pjtie&#x2F;google_fi...</a>

A reasonable headline could state &quot;Google Fi essentially not affected by latest T-Mobile data breach&quot;. Look at the data &quot;breached&quot;:<p>&gt; limited data including when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status.<p>&gt; It does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls.<p>I mean, that&#x27;s almost the minimum amount of data T-Mobile has to have to provide the service to Google Fi customers, and nothing else. The actual customer data is probably stored at Google, and is perfectly safe. The chances of someone being able to use the leaked data in a nefarious way seem practically nil.

When will T-Mobile take accountability for their repeated data breaches and fix the systemic issues? Is there anyone in the company who cares enough to do something?

The same probably goes for other MVNO carriers such as Mint and Ting. The PII and billing data is with the MVNO carriers.<p>I buy my SIM cards anonymously. I never use cellular near my house and only use it for data over a VPN. So it would not affect me if all of their data was breached.

This could be a dumb question, and I assume the answer is no, but could the SIM serial data potentially be used to aid in a SIM spoof attack?

Kind of upset that Google didn’t provide any details about the context of the breach itself in the email they sent me, just a vague “someone had a breach and don’t blame us”.

If anyone is worried about a potential SIM swap attack due to this breach, you can order a new SIM card free of charge at <a href="https:&#x2F;&#x2F;fi.google.com&#x2F;ordersim" rel="nofollow">https:&#x2F;&#x2F;fi.google.com&#x2F;ordersim</a>

Because it’s buried a few links deep:<p>T-Mobile detected the breach January 5 and shut it down “within a day”<p>But<p>It started approximately November 25th, so the attackers were there for at least a month and a half, pulling 37,000,000 records before anyone noticed.

After all these years, Google Fi still has NOT add 5G support on iPhones, now another data breach, nice!

I signed up for Google Fi after the beach... But yikes.