Mobile Virtual Network Operator (MVNO) google phi has reported a breach involving a third-party system containing a “limited amount” of Google Fi customer data.
We confirmed that the stolen data included information on when accounts were activated, data about individual mobile service plans, SIM card serial numbers, and active or inactive account status.
“Does not include your name, date of birth, email address, payment card information, social security or tax ID number, driver’s license or other form of government ID, financial account information, passwords or PINs used with Google Fi. or content of SMS messages or calls” and Information security.
Additionally, Google informed affected customers that its Fi incident response team conducted an investigation and concluded that unauthorized access had occurred.
“[We] We have worked with major network providers to identify and implement measures to protect data on their third-party systems and to notify anyone who may be impacted. “
Google Fi has not confirmed the network provider behind the breach, but the company uses a combination of T-Mobile and US Cellular for network connectivity.
T-Mobile then revealed another violation About two weeks ago, tens of millions of customers had their information accessed via APIs by malicious actors.
“This is another example of how subcontracting services to others can cause problems for major organizations,” he said. KnowBe4.
“When things go wrong, this practice is fairly common, but the results still matter. Given T-Mobile’s history of related breaches, it’s likely that Google will take additional and more stringent action than T-Mobile currently does.” It was wise to ask for security measures, they are in place.”
More generally, Kron said Information security The email explains that breaches involving cellular networks are particularly dangerous because many people use multi-factor authentication (MFA) to protect their financial information.
“If you can play a villain, SIM swap Or, receiving these messages on behalf of the user could render the protections provided by MFA useless,” explained the security expert.
“Security measures should be reviewed on a regular basis and any failure of a subcontractor to protect your data should be considered until the end of the contract.”
