Mint Mobile Hit by a Data Breach: Numbers Ported, Data Accessed

Tu Phan
Author

Tu Phan

Mint Mobile, backed by Hollywood star Ryan Reynolds, recently announced a “small” data breach involving the theft of subscribers' account information and their phone numbers being ported to another carrier.

The breach allowed a threat actor to access Mint Mobile customer information and temporarily gain control of account data which included names, addresses, telephone numbers, account numbers and other subscription-related data.

Screen Shot 2021-07-15 at 1.21.27 PM

"Between June 8, 2021 and June 10, 2021, a very small number of Mint Mobile subscribers' phone numbers, including yours, were temporarily ported to another carrier without permission," according to a Mint Mobile message sent to its affected customers.

“Threat actors” are simply any group or individual “acting” in a manner that “threatens” the security of an entity or organization. Also called “malicious actors,” these threats can be either internal or external. From an IT security perspective, these threats are a constant reminder of the challenges facing data collection and the importance of protecting data in today’s cloud-driven business world.

Mint Mobile did not disclose the means in which the hacker(s) obtained this user data, but one can reasonably assume either user accounts or a Mint Mobile app was compromised. 

According to past news reports, mobile carrier data breaches have even involved thieves bribing customer service representatives into releasing sensitive user/customer data. Such data could be used to steal subscriber identities or gain access to other user accounts, including banking or other financial services accounts, in turn creating a host of problems for those affected by the breach.

Screen Shot 2021-07-15 at 1.30.18 PM

While no security measure can prevent bribery, Dasera’s approach to protecting data is both innovative and creative. We already know “Why” customer data is targeted by criminals and other hackers, so we target the “Who, What, Where and How” of data security:

  1. Who has access to what data?
  2. What regulatory and security properties apply to that data?
  3. Where is data stored, moved, or copied to?
  4. How is data being used?

By seeking answers to these questions, our clients gain greater control over the data and greatly reduce their exposure to such attacks. Dasera analyzes your cloud data to detect and prevent risks to sensitive data. We carefully review and scrutinize data at every point of its lifecycle. Consider a few of our platform strengths:

  • Track and know where sensitive data is located.
  • Stop exfiltration and reduce risk of data theft.
  • Prevent privacy violations and compliance fines.
  • Train and coach employees who exhibit risky behaviors.
  • Give more people access to data without increasing risk.
  • Detect errors in access control policies.

Learn more about Dasera’s unique approach to these data security challenges at Explore Dasera Use Cases.

Dasera

Dasera helps cloud-first organizations secure data that traditional tools like access control and DLP aren’t designed to address. The platform manages data sprawl, monitors data in-use, and discovers misconfiguration and permission errors. Only Dasera secures the entire cloud data lifecycle - from creation to archival. Named among the 10 Hottest Cloud Security Startups Of 2021 by CRN, Dasera was co-founded by serial-entrepreneurs Ani Chaudhuri and Noah Johnson and is backed by Sierra Ventures, One Way Ventures, Saama Capital, Sand Hill Angels, and others.


To learn more, visit www.dasera.com or contact us at info@dasera.com

You May also Like: