Verizon owned TracFone said attackers gained access to customer accounts | Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images
Customers of Verizon-owned TracFone saw their numbers transferred to different carriers without their consent in recent weeks, as part of what the company characterized as the work of external attackers, according to a notice on its website (via the Wall Street Journal). Its Straight Talk and Total Wireless brands were affected as well.
âWe were recently made aware of bad actors gaining access to a limited number of customer accounts and, in some cases, fraudulently transferring, or porting out, mobile telephone numbers to other carriers,â TracFone said in the notice. The company did not reply to numerous requests for comment from The Verge, but the WSJ reported that some 6,000 customers were affected. Some saw their lines had been transferred to Metro PCS, which is owned by T-Mobile.
T-Mobile spokesperson Tara Darrow said in an email to The Verge that the company had investigated the issue, âand there is no fraud or data breach of any sort on the T-Mobile side of these port-outs. More importantly, we do not ever possess or house the account number or PIN data that TracFone requires to validate an account and is necessary to conduct a port out of a TracFone customer, so this cannot occur from our side of the porting exercise.â She added that the company was working with TracFone on the issue.
Steven Simms of Atlanta has been a Total Wireless customer for about three years. He chose the plan to save a bit of money and says he and his wife were happy customers most of the time.
But on December 31st, he says his phone number was ported to another carrier â Metro PCS â without his permission. âThis inactivated my phone number so I cannot receive or make any calls,â Simms said in an email to The Verge earlier this month. He said as a small business owner, he was losing money because clients couldnât reach him, and the company didnât appear to have any remedy for him.
Simms was among dozens of people who told The Verge they had their numbers unexpectedly ported to Metro PCS beginning in December. He said Total Wireless customer service was unhelpful and told him it had requested MetroPCS return his number, which MetroPCS told him wasnât accurate.
Simms said his number was finally returned after 12 days, and heâs planning to change providers but hadnât done so as of Wednesday.
Last September, the Federal Communications Commission (FCC) said it was looking into strengthening rules to reduce cell phone scams, including port-out fraud. This is when a fraudster poses as the owner of a phone number, opens an account with a different cell phone carrier than the victimâs, and has the victimâs phone number transferred â or âported outâ â to the new account with the different carrier.
It wasnât immediately clear Wednesday who may have been behind the attack on TracFone, but the company said in the website notice that it tried to notify customers, âbut given the nature of this activity, messages to impacted mobile telephone numbers may no longer be accessible by some customers.â TracFone urged customers to change their PIN numbers and said it had made âenhancementsâ to improve security.
Sean Hollister contributed reporting