from Hacker News

Google Fi Data Breach

by stefap2 on 1/31/23, 1:40 AM with 7 comments

We got this email about recent data breach. Honestly after this email, still not sure what would be the consequences of someone knowing a serial number of my SIM card:

Dear Google Fi customer,

We’re writing to let you know that the primary network provider for Google Fi recently informed us there has been suspicious activity relating to a third party system that contains a limited amount of Google Fi customer data.

There is no action required by you at this time.

This system is used for Google Fi customer support purposes and contains limited data including when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status.

It does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls.

Our incident response team undertook an investigation and determined that unauthorized access occurred and have worked with our primary network provider to identify and implement measures to secure the data on that third party system and notify everyone potentially impacted. There was no access to Google's systems or any systems overseen by Google.

If you are an active Fi user, please note that your Google Fi service continues to work as usual and was not interrupted by this issue.

What does this mean for me? The accessed information included your phone number and limited technical information. This includes information about when your account was activated, SIM card serial number, account status (for example, whether your plan is active or inactive), and limited details about the mobile service plan and options provided by your Google Fi service (such as unlimited SMS or international roaming).

For more information As always, be alert for phishing attempts. For more about best practices, see our advice on how to avoid phishing. Read more about keeping your Google Fi information safe. We’re always here for our customers and available to offer support. If you have any questions or require assistance, please see this Help Center article for contact options.

Sincerely,

Google Fi Team

  • by CTMinsights on 1/31/23, 2:53 AM

    I got the notice as well. Would help if they said exactly what "limited technical information" was potentially accessed, not just that it "included" our serial numbers. If the ICCID and KI numbers were accessed, attackers could duplicate the SIM card and intercept things like text messages used for account logins at banks.

    If ICCID and KI data wasnt available, they should say so. This reads like a breach notification written by legal, not engineers.

  • by Kukumber on 1/31/23, 2:00 AM

    It's not "Google Fi Data Breach"

    it is "Google Fi affected by T-Mobile data breach"

    https://9to5google.com/2023/01/30/google-fi-data-breach-tmob...

  • by Gwindarr on 1/31/23, 2:58 AM

    I got the same email. If they match the number to your info in some other data breach does the sim serial number + all other data pose any risk of sim swap attack? Has anyone transferred a Google Fi # before?

  • by pet1713 on 1/31/23, 2:04 AM

    I got the same email...US Diplomats us google fi... international..

  • by pet1713 on 1/31/23, 2:03 AM

    I got the same email