After initially downplaying a major security incident, Ho Mobile has acknowledged that it suffered a breach and is now rushing to cover customers with replacement SIM cards to prevent fraud.
The incident last year was uncovered when a security analyst found a database with information on 2.5 million Ho Mobile users on sale on a darknet forum, Euro Weekly News reports.
Ho Mobile, a daughter company of Vodafone, downplayed the possibility of a hacker attack at first, stating that there was no evidence that their systems had been compromised, according to Hackread. Parent Vodafone Italy chimed in to say “Ho has no evidence of massive access to its IT systems that have jeopardized the customer base data.”
After an investigation, the telco eventually conceded that cybercriminals possess details of customers’ SIM cards, but maintained that no financial data or call details were stolen.
The Italian telco is now asking affected customers via SMS to visit their local Ho Mobile store and ask for a replacement SIM card.
“You can go to one of our authorized dealers and request a SIM change free of charge, bringing your current SIM and a valid identity document with you,” the company said Monday.
The swift move, reportedly praised by telecommunication analysts, prevents bad actors from conducting SIM swapping attacks, a form of account takeover fraud that targets multi-factor authentication.