Ho. Mobile confirmed today that it had suffered a hacker attack by unknown persons (as we reported on December 29).
However, the company reports that only part of its customer base has been affected, and at the moment it does not provide a precise number. As feared, personal data and SIM identification data were stolen, but the company adds that no traffic data, banking data or payment-system data was taken.
Ho. Mobile also announces that, since December 28, investigations into the leak of its customers' data have been under way in collaboration with the investigating authorities, and that the Privacy Guarantor has been informed. Recall that the data had been on sale on the dark web since December 22.
What happened in the attack on ho. Mobile
The hacker attack on ho. Mobile, we briefly recall, had caused a massive exfiltration of users' personal data, including first and last name, date of birth, city of residence, the ICCID (Integrated Circuit Card Identifier) of the SIM card and the telephone number.
After the theft, the attackers put up for sale on the dark web a database that was discovered by security experts at Bank Security, according to whom the package contained the information of 2.5 million users of the telephone operator.
Risk of SIM swap attacks confirmed
Subsequent checks therefore show that some data belonging to part of the customer base has been illegally stolen, limited to personal data and technical SIM data. The company states that no traffic data (SMS, phone calls, web activity, etc.), bank details or data related to any payment system of its customers has been stolen in any way.
However, because the attackers managed to get hold of the ICCID, the 19-digit international code that uniquely identifies the SIM, the ho. Mobile customers involved in the data theft remain at risk of falling victim to a SIM swap attack, which allows the SIM to be cloned and online services to then be accessed.
The countermeasures of ho. Mobile to mitigate risks
To prevent possible toll fraud, ho. Mobile immediately launched a procedure to inform all customers involved in the data breach and activated additional, new levels of security to protect customers from potential threats.
Further measures to protect the stolen data will also be implemented and communicated to customers in the coming days.
The operator states that it has activated additional controls for anyone who requests a SIM change, to verify the identity of the user and the real ownership of the SIM. For security reasons, this change can only be made in person.
SIM change
In this regard, all users can replace their SIM by requesting a new one free of charge at authorized points of sale.
According to Salvatore Lombardo, cybersecurity expert consultant, “we proceed slowly after an initial denial: ho. Mobile announces, after a week, the confirmation of the data leak, but only on a part of the files related to its user base.”
A serious attack, happening now
“In any case, the incident is taking on serious and worrying connotations, making it one of the most important in Italy so far,” continues Lombardo. “It is now safe to expect, in addition to SIM swapping attacks, attempts at identity fraud in various ways and the implementation of social engineering strategies against the users involved.”
However, according to Paolo Dal Checco, IT Forensic Consultant, “from the confirmation posted by ho. Mobile regarding the data theft, a relevant detail emerges that indicates the correct way in which the data breach is being managed: the company announces, based on checks still in progress, the illegal theft of some data from part of the customer base, also specifying the details of what was stolen (personal and technical data of the SIM) and what was not stolen (traffic data and bank details)”.
“The precision with which the company identified the perimeter of the leak,” continues Dal Checco, “indicates that they have most likely performed or are conducting a post-incident forensic analysis of their systems that has brought or is bringing to light useful evidence to better define what happened (log files, access traces to files, databases or APIs, etc.), or that they have somehow taken possession of information related to the data leak that at least describes its scope.”
Even so, according to Dal Checco, “this activity will allow them, in addition to informing the Privacy Guarantor if ‘the violation of personal data involves a risk to people’s rights and freedoms’, to also inform ‘only the ho. Mobile customers involved’”.
“This aspect also indicates how it was possible to discriminate between users involved and users not involved (also so as not to alarm those who are not at risk), and it is correct because stakeholders need to know what data has been leaked, when the theft occurred and what measures were put in place to contain and protect the data, both those already released and those that are still safe”.
Ho. Mobile's answers to its customers' questions
Ho. Mobile has also published a series of answers to the questions most frequently asked by its customers:
- What data was stolen? From the subsequent checks carried out, which are still in progress, it appears that some data from part of the customer base has been illegally stolen, limited to personal data (name, surname, telephone number, social security number, email, date and place of birth, nationality and address) and technical SIM data. No traffic data (phone calls, SMS, web activities, etc.), bank data or data related to any payment system of its customers has been stolen.
- How do I know if my data has been stolen? You will receive a dedicated communication if you have been involved.
- I have activated automatic recharge. Have my bank details been stolen? No, no traffic data (phone calls, SMS, web activities, etc.), bank details or data related to any customer payment system was stolen.
- I want to replace my SIM, how do I do it? You can go to one of our authorized distributors and request a SIM change free of charge, bringing your current SIM and a valid identity document. Here you can find the store closest to you.
- I don't want to / can't go to the store. Can you send me the SIM? The SIM replacement process requires physical recognition of the customer, so we cannot ship the SIM to you at this time. You can go to one of our authorized distributors and request a SIM change free of charge, bringing your current SIM and a valid identity document. Here you can find the store closest to you.
- I am a ho. Mobile customer. What do I have to do? We have activated additional levels of security to protect customers from the threat of potential fraud. If you want to replace your SIM, you can request it for free at authorized points of sale. Here you can find the store closest to you. However, it is good practice to periodically update your account passwords, possibly choosing different ones for different sites, and to pay attention to any abnormal access. Always report any abnormal operation to the account provider, and always take care not to access insecure websites and not to share your credentials or other personal data via SMS or email.