Customers of Verizon-owned TracFone saw their numbers transferred to different carriers without their consent in recent weeks, as part of what the company characterized as the work of external attackers, according to a notice on its website (via the Wall Street Journal). Its Straight Talk and Total Wireless brands were affected as well.
“We were recently made aware of bad actors gaining access to a limited number of customer accounts and, in some cases, fraudulently transferring, or porting out, mobile telephone numbers to other carriers,” TracFone said in the notice. The company did not reply to numerous requests for comment from The Verge, but the WSJ reported that some 6,000 customers were affected. Some saw their lines had been transferred to Metro PCS, which is owned by T-Mobile.
T-Mobile spokesperson Tara Darrow said in an email to The Verge that the company had investigated the issue, “and there is no fraud or data breach of any sort on the T-Mobile side of these port-outs. More importantly, we do not ever possess or house the account number or PIN data that TracFone requires to validate an account and is necessary to conduct a port out of a TracFone customer, so this cannot occur from our side of the porting exercise.” She added that the company was working with TracFone on the issue.
Steven Simms of Atlanta has been a Total Wireless customer for about three years. He chose the plan to save a bit of money and says he and his wife were happy customers most of the time.
But on December 31st, he says his phone number was ported to another carrier — Metro PCS — without his permission. “This inactivated my phone number so I cannot receive or make any calls,” Simms said in an email to The Verge earlier this month. He said as a small business owner, he was losing money because clients couldn’t reach him, and the company didn’t appear to have any remedy for him.
Simms was among dozens of people who told The Verge they had their numbers unexpectedly ported to Metro PCS beginning in December. He said Total Wireless customer service was unhelpful and told him it had requested MetroPCS return his number, which MetroPCS told him wasn’t accurate.
Simms said his number was finally returned after 12 days, and he’s planning to change providers but hadn’t done so as of Wednesday.
Last September, the Federal Communications Commission (FCC) said it was looking into strengthening rules to reduce cell phone scams, including port-out fraud. This is when a fraudster poses as the owner of a phone number, opens an account with a different cell phone carrier than the victim’s, and has the victim’s phone number transferred — or “ported out” — to the new account with the different carrier.
It wasn’t immediately clear Wednesday who may have been behind the attack on TracFone, but the company said in the website notice that it tried to notify customers, “but given the nature of this activity, messages to impacted mobile telephone numbers may no longer be accessible by some customers.” TracFone urged customers to change their PIN numbers and said it had made “enhancements” to improve security.
Sean Hollister contributed reporting