Picture representing the concept of a security breach

TracFone Security Breach

TracFone is experiencing a security incident. Some customer data was compromised, and attackers sometimes managed to port out phone numbers. TracFone put up a webpage with details about the incident:

We were recently made aware of bad actors gaining access to a limited number of customer accounts and, in some cases, fraudulently transferring, or porting out, mobile telephone numbers to other carriers. These bad actors may have had access to your name, address, PIN code, account number, secret question (but not answer) and email address to the extent you provided us with such information.

It sounds like TracFone tried to contact affected customers but may have been unable to in cases where numbers were ported out:

We may have made an attempt to contact you, but given the nature of this activity, messages to impacted mobile telephone numbers may no longer be accessible by some customers.

I’m unsure about the scope of the issue. In a brief search, I couldn’t find any direct reports from affected customers. That may suggest the breach was minor. On the other hand, the incident seems serious since it spurred TracFone to run a banner drawing attention to the incident across TracFoneWirelessInc.com:

Screenshot of a banner drawing attention to TracFone's security incident

I don’t know which TracFone brands are affected. I didn’t see a similar banner on the websites for TotalWireless or StraightTalk.


Hat tip to Dennis Bournique, who drew my attention to this story.