In an internal notice sent to its stores, as reported by the T-Mo Report, T-Mobile informs its employees of a new, more secure method of authorizing SIM changes. The customer will now be required to provide SMS verification when requesting SIM changes, such as transferring a number to a new SIM. The alternative is the change to be verified by two employees using their credentials.
T-Mobile's new measure against unauthorized SIM changes may come in response to the new requirement proposed by the Federal Communications Commission (FCC). The FCC proposed that service providers identify the customer before beginning a port-out to another carrier and notify customers immediately when a SIM change or port request occurs.
The new T-Mobile measure is a step forward in solving the problem of unauthorized SIM changes because T-Mobile defenses against attackers have been breached more than once.
Over these few years, T-Mobile clients have become victims of constant SIM swap scams and port-out attacks. As attackers utilized the stolen phone numbers from the SIM swaps to receive two-factor authentication SMS codes, many clients lost a lot of money due to these scams, including cryptocurrency.
In August, T-Mobile became a victim of a data breach. The hack affected over 54 million people. Customer names, driver's license numbers, Social Security numbers, and device identification numbers were all leaked.
The new SIM change procedure was implemented on December 14th and is now in effect.