Google Fi User Data Breached Through T-Mobile Hack

Google Fi customers are impacted by the recent T-Mobile breach, as Fi relies on T-Mobile and US Cellular for connectivity.
According to Google Fi’s email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile’s breach after suspicious activity was noted in a system that contained Google Fi’s customer data.

Google Fi, Google’s official mobile virtual network operator (MVNO), has confirmed that data belonging to its customers was exposed in a recently discovered T-Mobile security breach. The incident was reported by on January 20th, 2023.

What does Google Fi have to do with T-Mobile?

For your information, Google Fi relies on T-Mobile and US Cellular for connectivity. It operates on the networks of US Cellular and T-Mobile, allowing customers to enjoy comprehensive coverage across the country.

Unlike traditional plans from Verizon or AT&T, Google Fi uses technology to switch between different cellular providers while your phone is in use. This means that if you’re using your phone and one carrier’s service becomes weaker than another’s in the area, your phone will automatically switch to a stronger signal – without any interruption in service.

T-Mobile Data Breach Details

On January 19th, T-Mobile published a regulatory filing revealing that an unauthorized threat actor had managed to access the data of 37 million of its current customers. The breach occurred in November 2022 and was discovered on January 5th, 2023.

T-Mobile Inc. informed law enforcement officials and cybersecurity consultants regarding the data hack, which included customers’ names, dates of birth, billing addresses, email addresses, and more than 37 million postpaid and prepaid customers.

Google Fi Warns About Data Exposure

According to Google Fi’s email sent to its customers on Monday, a limited amount of their customer data was exposed in T-Mobile’s breach after suspicious activity was noted in a system that contained Google Fi’s customer data.

Google has confirmed that no text message call contents or PINs were taken. Moreover, the exposed system did not store private customer data such as names, payment card details, email IDs, passwords, government IDs, etc.

However, the hackers could access account statuses, phone numbers, service plan details such as international roaming, and SMS card serial numbers. It is worth noting that, despite utilizing the T-Mobile network for its connections, Google did not name it as its primary service provider in the email.

Email sent to Google Fi customers:

Dear Google Fi customer,

We’re writing to let you know that the primary network provider for Google Fi recently informed us there has been suspicious activity relating to a third-party system that contains a limited amount of Google Fi customer data.

There is no action required by you at this time.

This system is used for Google Fi customer support purposes and contains limited data including when your account was activated, data about your mobile service plan, SIM card serial number, and active or inactive account status.

It does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other forms of government ID, or financial account information, passwords or PINs that you may use for Google Fi, or the contents of any SMS messages or calls.

Our incident response team undertook an investigation and determined that unauthorized access occurred and have worked with our primary network provider to identify and implement measures to secure the data on that third-party system and notify everyone potentially impacted. There was no access to Google’s systems or any systems overseen by Google.

If you are an active Fi user, please note that your Google Fi service continues to work as usual and was not interrupted by this issue.

What does this mean for me?

The accessed information included your phone number and limited technical information. This includes information about when your account was activated, SIM card serial number, account status (for example, whether your plan is active or inactive), and limited details about the mobile service plan and options provided by your Google Fi service (such as unlimited SMS or international roaming).

Google has assured its customers that they don’t need to take any further action, and there was no unauthorized invasion of Google’s own systems or any system that it directly oversees.


  1. Google Employees Data Stolen After Data Breach
  2. Hackers Breach TPG Telecoms’ Email Host to Steal Client Data
  3. Australia’s 2nd-largest telecom firm suffers massive data breach
  4. Hacker extracts user data from Canadian Telecom Firm after rebuttal
  5. Telecom giant behind routing SMS discloses 5-year-long data breach
Related Posts