Security Affairs
Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Mobile virtual network operator Mint Mobile discloses a data breach

Mobile virtual network operator Mint Mobile suffered a new data breach, threat actors had access to customers’ personal information. Mint Mobile experienced a recent data breach, exposing customers’ personal information to unauthorized access by threat actors. Mint Mobile is a mobile virtual network operator (MVNO) that offers prepaid mobile phone services. As an MVNO, Mint […]

Mint Mobile

Source X account Cyle Rickner

Mobile virtual network operator Mint Mobile suffered a new data breach, threat actors had access to customers’ personal information.

Mint Mobile experienced a recent data breach, exposing customers’ personal information to unauthorized access by threat actors.

Mint Mobile is a mobile virtual network operator (MVNO) that offers prepaid mobile phone services. As an MVNO, Mint Mobile doesn’t own its own wireless infrastructure. In March of 2023, T-Mobile US acquired the mobile virtual network operator.

The company is investigating into the incident with the help of leading forensic cybersecurity experts.

On December 22, 2023, Mint Mobile started notifying impacted customers.

“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information. Our investigation indicates that certain information associated with your account was impacted.” reads the data breach notification email sent to the impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers. We never collect dates of birth or government-assigned identifiers like social security numbers or driver license ”

Mint pointed out that financial data and passwords were not exposed.

Source X account Cyle Rickner

Exposed information includes Names, Number, Email Address, SIM Serial Number and IMEI, and Service Plan info. The company did not disclose the number of impacted customers.

Bleeping Computer correctly pointed out that threat actors can use the exposed data to carry out SIM swapping attacks

In July 2021, Mint Mobile disclosed another data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)