Customers of Google Fi have been notified via email of “suspicious activity” that may have seen some lower-risk data exposed.
Somewhat ironically, Google Fi promises to be a “private and secure” phone plan that gives its subscribers access to unlimited data, end-to-end call encryption, VPN access, and more, for $50 per month (for one user).
Maybe less secure, though, is its “primary network provider” which informed Google that a “third party system that contains a limited amount of Google Fi customer data” was at risk. The unidentified network provider is likely to be T-Mobile, given that it supports a large portion of the Google Fi network and also experienced a data breach around the same time.
Google Fi data breach
Google told its customers that data including account activation, mobile service plan details, SIM card serial numbers, and account status, are among the key areas said to be at risk.
It stresses that personally identifiable information is excluded from the breach, so anything from a customer’s name, contact details, and date of birth, to financial information and login credentials, should all be safe.
Google’s incident response team says that Google’s systems were not compromised, but that it has worked with the “primary network provider” to implement security measures.
Customers do not need to do anything, and their services continue to work as usual.
Despite this, one Reddit (opens in new tab) user claims to have received an email from Google Fi notifying them that their mobile phone service had been transferred from their SIM card to another for almost two hours.
The author discusses how their primary email account, a financial account, and an authenticator app had all been accessed by a hacker, who may have been able to bypass any SMS-based authentication and gain access to personal accounts.
Google did not immediately respond to TechRadar Pro’s request for comment on the matter.
Via 9To5Google (opens in new tab)
