A data breach has affected customers using the Google Fi mobile phone network, Google said Monday in an email to those impacted by the unauthorized access. The problem apparently occurred thanks to Google’s partnership with T-Mobile.
The data came from a third-party system at Google Fi’s “primary network provider,” Google said in its email. Google Fi’s main cellular network provider is T-Mobile, though it also uses the smaller rival US Cellular network.
The breached system is used for customer support and holds “limited data,” including when a customer’s account was activated, information about the plan, the SIM card serial number, and whether the account is active or inactive, Google said in its email.
The data doesn’t include a customer’s name; date of birth; email; payment information; Social Security number; tax ID; driver’s license number or other government ID information; financial information; passwords; PINs; or text message and call data.
The mishap could be related to a major T-Mobile breach affecting 37 million customers earlier in January. It was the eighth time the telecom company had been hacked since 2018. Google said none of its internal systems or systems it oversees were accessed.
Neither Google nor T-Mobile immediately responded to requests for comment. Google Fi doesn’t own its own cellular network infrastructure. Instead, it partners with T-Mobile and US Cellular to provide service. Google Fi isn’t directly related to Google’s mobile operating system, Android.
Major account breaches involving Google’s own infrastructure are unusual, but they aren’t unknown. One attack. in 2013, was blamed on Chinese hackers, and another, in 2018, exposed the information of 500,000 users of Google Plus, the failed Facebook rival that Google eventually shut down. The company famously pays thousands of dollars in “bug bounties” to researchers who find security flaws in its products.
Google told Fi customers that their service isn’t affected by the data breach.