Italian Mobile Operator Offers To Replace SIM Cards After Massive Data Breach (zdnet.com) 14
Ho Mobile, an Italian mobile operator owned by Vodafone, confirmed a massive data breach on Monday and is now taking the rare step of offering to replace the SIM cards of all affected customers. From a report: The breach is believed to have impacted roughly 2.5 million customers. It first came to light last month on December 28 when a security analyst spotted the telco's database being offered for sale on a dark web forum. While the company initially played down these initial reports, Ho confirmed the incident on Monday, in a message posted on its official website and via SMS messages sent to all impacted customers. Ho's statement confirms the security researcher's assessment that hackers broke into Ho's servers and stole details on Ho customers, including full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses. While the telco said no financial data or call details were stolen in the intrusion, Ho admitted that hackers got their hands on details related to customers' SIM cards.
Really.... (Score:3)
Ho Operator: So yes sir, we leaked all of the information required to basically impersonate you and steal your identity, but don't worry, your texts to your Aunt Millie are all safe and secure.
Phone Owner: Uhm, Ok.
Ho Operator: So to make things all better sir, we are going to just give you a new SIM card.
Phone Owner: Uhm, so the new SIM card will keep the identity thieves away?
Ho Operator: Oh sir, you are silly. Thank You for the laugh and your continued business.
Re: (Score:2)
> Ho Operator: So yes sir, we leaked all of the information required to basically impersonate you and steal your identity, but don't worry, your texts to your Aunt Millie are all safe and secure.
> Phone Owner: Uhm, Ok.
> Ho Operator: So to make things all better sir, we are going to just give you a new SIM card.
> Phone Owner: Uhm, so the new SIM card will keep the identity thieves away?
> Ho Operator: Oh sir, you are silly. Thank You for the laugh and your continued business.
So you get a new SIM card and move your phone number to it. What has that accomplished?
Isn't that like buying a new phone and transferring the number to it because your ex won't stop calling you?
Re: (Score:2)
Yup. It is even worse than the ex still being able to call you. Your ex can now call you to tell you that she has taken all your important financial information and sold it to some shady guy in the corner of the bar.
Re: (Score:1)
That leaves you open to all the other attacks based on all the other data they leaked and then you have to consider if you trust Ho enough to still stay with them even with a new sim...
GDPR? (Score:3)
There's no way that social security numbers, dates and places of birth are required to a
a cell phone account. Maybe to validate some Gov requirement on opening, but after that under GDPR the info should have been deleted.
Re: (Score:2)
> There's no way that social security numbers, dates and places of birth are required to a
> a cell phone account. Maybe to validate some Gov requirement on opening, but after that under GDPR the info should have been deleted.
There is also no way that info was on the SIM card in the first place.
Re: (Score:2)
> There's no way that social security numbers, dates and places of birth are required to a manage a cell phone account.
Came to say pretty much this. If my Social Insurance Number and/or date of birth were required for a phone account then I simply wouldn't have a phone.
Re: (Score:1)
Looks like you screwed up your formatting. Would you like Clippy to help?
Re: (Score:3, Informative)
> There's no way that social security numbers, dates and places of birth are required to a manage a cell phone account. Maybe to validate some Gov requirement on opening, but after that under GDPR the info should have been deleted.
Actually, in Italy mobile operators are required by law to collect and keep that data for law enforcement purposes.
However, the Italian equivalent of the social security number is not meant to be a secret and is never used as such (as it can be easily computed from the name, date and place of birth). It's also mandatory on invoices, so a lot of businesses have it. Identity theft is less of a problem in Italy, because information alone is not enough to impersonate somebody. In all sensitive situations (like
Financial information? (Score:3)
> including full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses. While the telco said no financial data or call details were stolen in the intrusion
Well, thank goodness they didn't get any financial data. I mean, they got everything else they'd need to get that data on their own, but at least they don't have it yet, so I guess you get a big fat pat on the back for doing such a good job safeguarding the financial data, you tone deaf morons.
Re: sim information leak (Score:1)
In the data leaked there is the internal id of the sim, something that can be used to clone the sim itself and that, with some phishing and/or social engineering, can lead to breaking 2FA authentication schemes.
That is why, besides your own trust for Ho, a sim swap can mitigate the issue, as the new sim will have a new id and after that your 2FAs should be safe.