ChatGPT's New Skills Resident Evil 4 Remake Galaxy A54 5G Hands-On TikTok CEO Testifies Huawei's New Folding Phone How to Use Google's AI Chatbot Airlines and Family Seating Weigh Yourself Accurately
Want CNET to notify you of price drops and the latest stories?
No, thank you

Google Fi Customer Data Accessed After 'Suspicious Activity'

Google blamed the data breach on the main cellular network provider partner. That's T-Mobile, which suffered a major data breach in 2022.

Google Fi logo
Sarah Tew/CNET

A data breach has affected customers using the Google Fi mobile phone network, Google said Monday in an email to those affected by the unauthorized access. The problem apparently occurred because of Google's partnership with T-Mobile.

The data came from a third-party system at Google Fi's "primary network provider," Google said in its email. Google Fi's main cellular network provider is T-Mobile, though it also uses the smaller rival USCellular network.

The breached system is used for customer support and holds "limited data," including when a customer's account was activated, information about the plan, the SIM card serial number, and whether the account is active or inactive, Google said in its email.

The data doesn't include a customer's name, date of birth, email, payment information, Social Security number, tax ID, driver's license number or other government ID information, financial information, passwords, PINs, or text message and call data.

The mishap could be related to a major T-Mobile breach affecting 37 million customers earlier in January. It was the eighth time the telecom company had been hacked since 2018. Google said none of its internal systems or systems it oversees was accessed.

Neither Google, USCellular nor T-Mobile immediately responded to requests for comment.

Google Fi doesn't own its own cellular network infrastructure. Instead, it partners with T-Mobile and USCellular to provide service. Google Fi isn't directly related to Google's mobile operating system, Android.

Major account breaches involving Google's own infrastructure are unusual, but they aren't unknown. One attack, in 2013, was blamed on Chinese hackers, and another, in 2018, exposed the information of 500,000 users of Google Plus, the failed Facebook rival that Google eventually shut down. The company famously pays thousands of dollars in "bug bounties" to researchers who find security flaws in its products.

Google told Fi customers that their service isn't affected by the data breach.