Ho. Mobile SIM data breach
The customer database of Ho. Mobile, Vodafone Italy's budget operator, was stolen and offered for sale on the dark web — exposing the personal and SIM data of about 2.5 million Italian subscribers and prompting a mass SIM replacement.
- Victim
- Ho. Mobile (Vodafone Italy)
- records
- 2.5M
- users
- 2.5M
In the first days of January 2021, Ho. Mobile — the low-cost mobile brand operated by Vodafone Italy — confirmed that the personal data of approximately 2.5 million subscribers had been stolen and put up for sale on a dark-web forum. The breach was especially serious because the stolen data included the technical details needed to clone SIM cards, exposing customers to SIM-swap fraud.
What happened
On 28 December 2020, a security analyst noticed that Ho. Mobile's full customer database was being advertised for sale on a dark-web hacking forum, reportedly for around $50,000. Initially, on 4 January 2021, Ho. Mobile stated it had found no evidence of unauthorized access to its systems. Later the same day, however, the company reversed course and confirmed the breach, acknowledging that customer personal data and SIM-related information had indeed been exfiltrated.
The compromised records included customers' names and surnames, phone numbers, email addresses, dates and places of birth, nationality, and home addresses — and, critically, SIM card identifiers (ICCID).
Impact
- Around 2.5 million Ho. Mobile subscribers had their personal data exposed.
- Because the stolen data included the ICCID and identity details needed to authorise a SIM transfer, attackers could attempt SIM-swapping — hijacking a victim's phone number to intercept SMS-based one-time passcodes and take over bank accounts, email, and other services.
- In an unusually proactive response, Ho. Mobile offered to replace the SIM cards of all 2.5 million affected customers free of charge, neutralising the SIM-swap risk for anyone who took up the offer.
- The company reported the incident to Italy's data protection authority (Garante per la protezione dei dati personali) and to law enforcement.
Why it matters
The Ho. Mobile breach is a landmark telecom data exposure because it went beyond ordinary PII to threaten the authentication backbone that millions of people rely on. SMS one-time passcodes remain a common second factor, and a database containing ICCIDs plus identity data is a ready-made toolkit for SIM-swap fraud. Ho. Mobile's decision to reissue every affected SIM set a notable precedent for breach remediation in the telecom sector — an expensive but effective acknowledgment that, once SIM data is in criminal hands, only physical SIM replacement fully closes the risk. The case also reinforced the broader industry shift away from SMS-based authentication toward app-based and hardware second factors.
Timeline
A security analyst spots Ho. Mobile's customer database being offered for sale on a dark-web forum.
Ho. Mobile initially states it has no evidence of unauthorized access to its systems.
Later the same day, Ho. Mobile confirms the breach, acknowledging that personal and SIM-related data was stolen.
Ho. Mobile offers to replace the SIM cards of all 2.5 million affected customers free of charge.
The stolen database, advertised for around $50,000, circulates among threat actors who could use it for SIM-swap fraud.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/vodafones-ho-mobile-admits-data-breach-25m-users-impacted/
- securitynewspaper.comhttps://www.securitynewspaper.com/2021/01/06/data-breach-at-ho-mobile-over-2-5-million-sim-cards-data-leaked/
- bitdefender.comhttps://www.bitdefender.com/en-gb/blog/hotforsecurity/vodafone-subsidiary-issues-replacement-sims-for-2-5-million-customers-amid-major-data-breach
- euroweeklynews.comhttps://euroweeklynews.com/2021/01/05/hackers-steal-personal-data-from-2-5-million-italian-phone-users/