Security Experts:

Connect with us

Hi, what are you looking for?


Data Breaches

Google Fi Data Breach Reportedly Led to SIM Swapping

Google Fi informs customers about a data breach related to the recent T-Mobile cyberattack and some users claim they were targeted in a SIM swapping attack

The Google Fi telecommunications service has informed customers about a data breach that appears to be related to the recently disclosed T-Mobile cyberattack. 

Google Fi, which provides wireless phone and internet services, has told customers that the breach is related to its primary network provider, without naming it. 

However, T-Mobile is Google Fi’s primary network provider, which means the incident is likely related to the hacker attack disclosed by the wireless carrier in mid-January. 

Google Fi said there had been unauthorized access to a third-party customer support system containing a “limited amount” of customer data. This data includes phone number, account activation date, mobile service plan, SIM card serial number, and account status.

The company says names, dates of birth, email addresses, payment card details, social security numbers, financial account information, passwords or PINs were not exposed. Hackers also did not gain access to the content of calls or SMS messages. 

“There was no access to Google’s systems or any systems overseen by Google,” customers were told. 

Google Fi data breach
Google Fi data breach notification

Most of the impacted customers do not need to take any action — except be on the lookout for phishing attempts. However, one Google Fi user reported on Reddit that their notification also informed them that their mobile phone service had been transferred from their SIM card to another SIM card for nearly two hours on January 1. 

The notification from Google Fi, according to the impacted customer, read, “During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card.”

The customer confirmed that their SIM card had been targeted in a SIM swapping attack on January 1, and claimed that the hacker used it to access three online accounts, including email, financial account, and the Authy authenticator app. 

“I tried reporting this repeatedly to Google Fi, including with detailed evidence, and their customer support reps didn’t believe me and didn’t follow up,” the customer said. “They thought this was a standard password compromise or something, even though I could clearly see from activity logs that the hacker reset my passwords rather than logging in and then changing them, and I could see in the Google Fi activity logs the SMSes I didn’t receive that they used to compromise my accounts.”

As for T-Mobile, the company said it detected a data breach on January 5. The threat actor, which has not been identified, apparently abused an API to access customer account data such as name, billing address, phone number, email, date of birth, and service information. Roughly 37 million current postpaid and prepaid customer accounts are impacted. 

Related: Hackers Accessed Information of T-Mobile Prepaid Customers

Related: T-Mobile Notifying Customers of Another Data Breach

Related: Lapsus$ Hackers Gained Access to T-Mobile Systems, Source Code 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals.

Data Breaches

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation.