Google Fi Customer Data Accessed After 'Suspicious Activity'

Google blamed the data breach on the main cellular network provider partner. That's T-Mobile, which suffered a major data breach in 2022.

Imad Khan Senior Reporter
Imad is a senior reporter covering Google and internet culture. Hailing from Texas, Imad started his journalism career in 2013 and has amassed bylines with The New York Times, The Washington Post, ESPN, Tom's Guide and Wired, among others.
Expertise Google | Internet Culture
Imad Khan
2 min read
Google Fi logo
Sarah Tew/CNET

A data breach has affected customers using the Google Fi mobile phone network, Google said Monday in an email to those affected by the unauthorized access. The problem apparently occurred because of Google's partnership with T-Mobile.

The data came from a third-party system at Google Fi's "primary network provider," Google said in its email. Google Fi's main cellular network provider is T-Mobile, though it also uses the smaller rival USCellular network.

The breached system is used for customer support and holds "limited data," including when a customer's account was activated, information about the plan, the SIM card serial number, and whether the account is active or inactive, Google said in its email.

The data doesn't include a customer's name, date of birth, email, payment information, Social Security number, tax ID, driver's license number or other government ID information, financial information, passwords, PINs, or text message and call data.

The mishap could be related to a major T-Mobile breach affecting 37 million customers earlier in January. It was the eighth time the telecom company had been hacked since 2018. Google said none of its internal systems or systems it oversees was accessed.

Neither Google, USCellular nor T-Mobile immediately responded to requests for comment.

Google Fi doesn't own its own cellular network infrastructure. Instead, it partners with T-Mobile and USCellular to provide service. Google Fi isn't directly related to Google's mobile operating system, Android.

Major account breaches involving Google's own infrastructure are unusual, but they aren't unknown. One attack, in 2013, was blamed on Chinese hackers, and another, in 2018, exposed the information of 500,000 users of Google Plus, the failed Facebook rival that Google eventually shut down. The company famously pays thousands of dollars in "bug bounties" to researchers who find security flaws in its products.

Google told Fi customers that their service isn't affected by the data breach.