Mint Mobile Hit by a Data Breach: Numbers Ported, Data Accessed

Mint Mobile, backed by Hollywood star Ryan Reynolds, recently announced a “small” data breach involving the theft of subscribers' account information and their phone numbers being ported to another carrier.

The breach allowed a threat actor to access Mint Mobile customer information and temporarily gain control of account data which included names, addresses, telephone numbers, account numbers and other subscription-related data.

Screen Shot 2021-07-15 at 1.21.27 PM

"Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers' phone numbers, including yours, were temporarily ported to another carrier without permission," according to a Mint Mobile message sent to its affected customers.

“Threat actors” are simply any group or individual “acting” in a manner that “threatens” the security of an entity or organization. Also called “malicious actors,” these threats can be either internal or external. From an IT security perspective, these threats are a constant reminder of the challenges facing data collection and the importance of protecting data in today’s cloud-driven business world.

Mint Mobile did not disclose the means in which the hacker(s) obtained this user data, but one can reasonably assume either user accounts or a Mint Mobile app was compromised. 

According to past news reports, mobile carrier data breaches have even involved thieves bribing customer service representatives into releasing sensitive user/customer data. Such data could be used to steal subscriber identities or gain access to other user accounts, including banking or other financial services accounts, in turn creating a host of problems for those affected by the breach.

Screen Shot 2021-07-15 at 1.30.18 PM

While no security measure can prevent bribery, Dasera’s approach to protecting data is both innovative and creative. We already know “Why” customer data is targeted by criminals and other hackers, so we target the “Who, What, Where and How” of data security:

  1. Who has access to what data?
  2. What regulatory and security properties apply to that data?
  3. Where is data stored, moved, or copied to?
  4. How is data being used?

By seeking answers to these questions, our clients gain greater control over the data and greatly reduce their exposure to such attacks. Dasera analyzes your cloud data to detect and prevent risks to sensitive data. We carefully review and scrutinize data at every point of its lifecycle. Consider a few of our platform strengths:

  • Track and know where sensitive data is located.
  • Stop exfiltration and reduce risk of data theft.
  • Prevent privacy violations and data compliance fines.
  • Train and coach employees who exhibit risky behaviors.
  • Give more people access to data without increasing risk.
  • Detect errors in access control policies.

Learn more about Dasera’s unique approach to these data security challenges at Explore Dasera Use Cases.


Tu Phan