Mint Mobile, a mobile virtual network operator (MVNO) recently experienced a data breach, exposing customers’ personal information to unauthorized access by threat actors. Mint Mobile, known for offering prepaid mobile phone services, doesn’t own its wireless infrastructure but relies on T-Mobile US, which acquired the MVNO in March 2023. The breach, which occurred in December 2023, prompted Mint Mobile to initiate an investigation with the assistance of leading forensic cybersecurity experts.
On December 22, 2023, the company began notifying impacted customers, stating that certain types of customer information were accessed by an unauthorized actor. However, Mint Mobile assured customers that financial data and passwords were not compromised. The exposed information includes names, phone numbers, email addresses, SIM serial numbers, IMEI numbers, and service plan details. Notably, Mint Mobile emphasized in its data breach notification that it doesn’t collect sensitive information like dates of birth, social security numbers, or driver’s license details, underlining its commitment to privacy and security.
This incident follows a previous data breach reported by Mint Mobile in July 2021, where unauthorized access led to the compromise of subscribers’ account information and phone number porting. The current breach raises concerns about potential SIM swapping attacks, as threat actors could leverage the exposed data for such malicious activities. Mint Mobile is actively investigating the breach, and affected customers are being informed of the situation.