T-Mobile has had more data breaches in recent years than I can even count or keep track of, and the latest appears to have affected customers that aren't even their own subscribers. Tonight, google Fi is sharing information with customers about their data being accessed, thanks to their “primary network provider” noticing suspicious activity on a system they utilize.
For those who aren't familiar, Google Fi uses T-Mobile's network for the majority of its connections. The “primary network provider” is almost guaranteed to be T-Mobile in this situation and that recent T-Mobile data breach could very well be tied to Google Fi accounts.
According to an email hitting Google Fi customer inboxes tonight, Google is telling folks that T-Mobile informed them of “suspicious activity relating to a third party system that contains a limited amount of Google Fi customer data.” That customer data includes “when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status.” it does not contain “name, date of birth, email address, payment card information, social security number or tax IDs, driver's license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls.”
At this time, Google Fi says there is no action for you to take, they are simply informing you of the situation. They also made it clear that they confirmed the unauthorized access and are working with T-Mobile to implement measures to secure all this data.
Here is the full text of the email:
Dear Google Fi customer,
We're writing to let you know that the primary network provider for Google Fi recently informed us there has been suspicious activity relating to a third party system that contains a limited amount of Google Fi customer data.
There is no action required by you at this time.
This system is used for Google Fi customer support purposes and contains limited data including when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status.
It does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver's license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls.
Our incident response team undertook an investigation and determined that unauthorized access occurred and have worked with our primary network provider to identify and implement measures to secure the data on that third party system and notify everyone potentially impacted. There was no access to Google's systems or any systems overseen by Google.
If you are an active Fi user, please note that your Google Fi service continues to work as usual and was not interrupted by this issue.
What does this mean for me?
- The accessed information included your phone number and limited technical information. This includes information about when your account was activated, SIM card serial number, account status (for example, whether your plan is active or inactive), and limited details about the mobile service plan and options provided by your Google Fi service (such as unlimited SMS or international roaming).
For more information
- As always, be alert for phishing attempts. For more about best practices, see our advice on how to avoid phishing.
- Read more about keeping your Google Fi information safe.
- We're always here for our customers and available to offer support. If you have any questions or require assistance, please see this Help Center article for contact options and reference issue ID 267187948.
Google Fi Team
If you have concerns, they recommend you reach out to customer support.