Chaos to O2: He transferred his first ESIM exchange attack and announces new measures to prevent it

O2, an operator belonging to Telefónica, will have to face a fine of up to 200,000 euros The attack of ESIM, exchanging This influenced the operator several years ago. This was confirmed by the Spanish Agency for Data Protection (AEPD) after the client condemned the company with a fraudulent duplicate of his SIM -card from the low safety O2.

The event occurred in 2023, when the O2 client called to warn that his service on his SIM card was over. After the operator’s checks, they realized that the email related to the contract was different from the fact that the client initially laid it. And that, in addition, the duplicate of the sim was proposed to convert it to Esim. This allows you to activate the line practically without a physical map. They were before the first case Esim is exchanging O2Field

He SIM Card Exchange This is a technique in which attackers are deceiving operators Make a translation from a mobile line to another SIM card. This, in turn, allows the attacker to receive personal information, such as checking codes, etc. In this case, CyberdelinTeen has transmitted SIM card data from O2 to ESIM.

Telefónica pays 200,000 euros for O2 weather and reinforces your security

This transmission process was carried out by an attacker. Only with some personal data of the holderThe field among them is the name and surname of the headline, DNI and the last 4 digits of the last account number. This is the data that cybercrime could be obtained using phishing attacks or filtration. And although the process was fast and without practically suspicion, AEPD concludes that O2 has committed negligence Do not check that the email of the attacker does not correspond to the e -mail of the line.

As a result, Telefónica, the maternal company O2, paid 200,000 euros as a sanction “For violation of Article 6.1 RGPD, typical of article 83.5 GDPR.” The operator also took advantage of this situation to create a new level of security and, therefore, avoid future fraud Esim is exchangingField

In particular, from now on, when the user wants to make a duplicate or move from Sim to Esim, he must facilitate the operator verification code that will be sent to you through the message To the phone related to the line. Thus, the attacker will not have a way to get the specified code.

In any case, there are a number of recommendations for Avoid ESIM exchangeThe field for example, protect confidential information such as accounts. Also avoid getting into phishing fraud through emails or messages that are poorly written, have too juicy advertising actions or try to disturb some safety failure. In case of doubt, it is recommended to contact the operator through official channels.