Vodafone Subsidiary Reported Data Breach, Warns About Potential SIM Swapping

Ho Mobile, a subsidiary of Vodafone has reported a data breach incident where a part of its database was stolen by hackers. This affected about 2.5 million users, who got their PII and technical data about their SIM card was stolen, which could give rise to SIM swapping attacks. Ho is now offering free SIM cards to affected users.

Data Breach at Vodafone’s Subsidiary

Ho Mobile is an Italian low-cost telecom operator and a subsidiary of Vodafone. It’s reported that since December 22nd last year, a database belonging to Ho Mobile was being sold in a dark web forum for around $50,000. This was reported by a researcher called Bank Security.

An initial statement on this by the company denied any hack in its systems but later confirmed that it suffered a data breach. It admitted that details belonging to over 2.5 million users like the full customers’ name, surname, phone number, email, date, and place of birth, nationality, and address were stolen.

Also, the SIM technical data like the SIM Integrated Circuit Card Identification Number (ICCID) was stolen. This is a unique number storing the card’s country, home network, and identification details, and in the lot, can let a hacker perform SIM swapping attacks easily.

Few researchers have already tested the sample of that offering database and found it to be valid after verifying by contacting some of the customers. It’s said that one party has already purchased the database, with many showing interests in buying at this moment.

In SIM swapping technique, an attacker with enough details like above can assign the victim’s phone number to the SIM he’s possessing, thus able to get all the phone calls and text messages to him. Since this could be terrible, Ho Mobile has announced to offer their users free SIM exchange.

This includes the customers visiting the Ho Mobile store with their valid Identity document for physical verification, and get a new number. Ho Mobile is already in the process of informing all its customers and assuring them that no web traffic, phone calls, or the SMS were affected by this incident.

LEAVE A REPLY

Please enter your comment!
Please enter your name here