As part of our regular security operations, the team diligently gathers information and news to catch and thwart any event that could cause security threats to our ecosystem. One of the scenarios that we have been monitoring is the data breach at U.S. telecoms company T-Mobile.

T-Mobile, the third-largest mobile network operator in the U.S. recently confirmed that it alerted users who fell victim to SIM swap attacks in December 2021. A few months prior to that, the telecom company suffered a major data breach in August 2021.

Our threat intelligence and research teams have found that some hacker groups are now using data from the T-Mobile data breach to perform social engineering on financial institutions. To protect your assets, we are recommending that all of our customers, especially those who use T-Mobile as their service provider, take the following actions:

  1. If you are using the App, set up Two-Factor Authentication (2FA).
    Instructions here
  2. Update and use a different PIN from what you may have used with your mobile service provider. Avoid numbers that are easy to guess, such as your date of birth or your SSN.
  3. Change your personal email password (especially if this is the same password you are using with your mobile service provider), and enable 2FA where possible.
  4. Add 2FA in your personal email account, and use a 2FA app on a different device to your applications.
  5. Turn on your SIM PIN to ensure you lock your SIM card from being swapped.
    Contact your mobile service provider if you are unsure how.
  6. Turn on Anti-Phishing code in the app, which further protects you from potential phishing email scams.
  7. Turn on Face ID / Touch ID on your phone for further enhanced protection of your mobile device.

If you have any questions regarding how to secure your accounts, please reach out to us at [email protected] We’re here to help.