SIM Swap Attack Targets Verizon Customers

SIM Swap Attack Targets Verizon Customers

Recently, Verizon experienced a minor but significant data breach. Between October 6, 2022, and October 10, 2022, an unknown malicious actor gained access to Verizon’s prepaid wireless accounts, compromising approximately 250 individuals.

According to a letter to customers, Verizon discovered the breach after noticing “unusual activity” on its network.

Due to the data breach, a SIM swap attack has been launched. Threat actors can take over the target’s phone number by convincing their mobile carriers to switch the target’s number to a SIM card controlled by the attackers.

Verizon warned its customers that the breach exposed the last four digits of their credit card numbers, which could result in fraudulent SIM card swaps. Additional customer data such as phone numbers, mailing addresses, account plans, and credit card information has been compromised. Verizon has confirmed that the attack did not compromise bank account information, passwords, social security numbers, tax IDs, or other sensitive information.

As a result of the data breach, Verizon reset the account security codes of an unspecified number of accounts.

Verizon reported that the company had successfully blocked any further unauthorized access to its customer’s accounts. Additionally, Verizon stated that it did not find any indication that the malicious activity was still ongoing.

Verizon’s customers can protect themselves from SIM swapping attacks by activating the company’s free “Number Lock” protection feature. Once a phone number is locked, it cannot be transferred to another device or service provider. Unless the account owner removes the lock, SIM swapping will be impossible.

Verizon users are urged to reset their pin codes, update passwords, and modify security questions to protect themselves against future attacks.

Customers are encouraged to review their information by logging into their Verizon account. Those who notice anything unusual should get in touch with Verizon directly.

The Verizon data breach serves as a reminder that even well-established businesses are susceptible to attack. However, customers can take steps to protect themselves, such as utilizing the ‘Number Lock’ security feature. By taking precautions and monitoring their accounts, customers can help ensure the security of their information.

New Data Breach Hits US Cellular Company

It’s the dawning of a new year and the hackers of the world have been busy.  This time it’s US Cellular caught in the crosshairs.

The company recently reported that their billing system was hacked and they sent breach notification letters to more than four hundred impacted individuals.

US Cellular is the fourth largest carrier in the United States.  Only 405 of the company’s customers seem to have been affected which makes this attack quite small in terms of scope and scale.  That’s small consolation if you’re one of the unlucky US Cellular customers to have received a notification in the mail.

The company had this to say about the incident:

“On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information.

Information in customer accounts include name, address, PIN code and cellular telephone number(s) as well as information about wireless services including service plan, usage and billing statements.

Sensitive personal information, such as Social Security number and credit card information, is masked within the CRM system. At this time, we have no indication that there has been unauthorized access to your UScellular online user account.”

If you haven’t received a notification in the mail from US Cellular then it’s  most likely that your account record was not compromised. Out of an abundance of caution, you may want to reset your account password and be on the lookout for suspicious emails targeting you. Now you may be more likely to be on the receiving end of phishing emails for a time.

Kudos to US Cellular for their rapid response.  Sadly we’ll probably be seeing a lot more of this kind of thing in the year ahead.

FCC Approves Plans For WiFi 6 To Open Wireless Spectrum

The Federal Communications Commission (FCC) gets a lot of bad press.  Sometimes there are good reasons for that but much of the time there are not really any good reasons.  As the nation’s lead spectrum regulator their primary job is to balance all needs and factors. They are supposed to arrive at decisions that do the best for the greatest number of people.

Recently mobile carriers led by AT&T have been lobbying hard against a plan by the FCC to allow the 6GHz band to be used without a license. This means that consumers will be able to use wireless routers designed to take advantage of that band in their homes without headache or hassle.

AT&Ts position has been that their company and the other carrier companies would prefer to have exclusive access to a portion of the 6GHz band in order to minimize the interference of their existing network of cell towers. The towers rely on the 6GHz band to help smartphones maintain their connection to the internet.

Based on the FCC’s research such risks are minimal. The agency did not feel a great need to cater to big business for what amounts to a few highly improbable edge cases.

Recently the US Court of Appeals for the District of Columbia ruled in support of the FCC’s position.  AT&T and the other carriers had no immediate comment on the ruling, but this must be seen as a big win for US consumers.  Ultimately it will mean faster wireless connection speeds which will translate to greater convenience for end users.

Kudos to the FCC for fighting the good fight and for the Court of Appeals for not trying to second guess the FCC and their expertise.  Although there may be a few isolated cases where existing cellphone operations are nominally impacted, the weight of the evidence suggests that the Court made the right call here.