SIM swap scams and mass data breaches: how leaked details spark fraud and account hijacks

Data breaches are a routine reality in today’s digital landscape, but their consequences can be deeply personal and costly. When criminals gain control of a phone number and linked online accounts, the effects can cascade across banking, messaging, and streaming services.

How SIM swap fraud works

Sue Shore shared her experience of a SIM swap, where criminals impersonate her to persuade a mobile operator to port her number to a new SIM. With control of her phone line, they intercepted security codes and seized access to her accounts.

She describes losing access to Gmail and having bank accounts locked after the attackers passed standard checks. A new credit card was opened in her name and purchases totaling more than £3,000 in vouchers were made before she could intervene.

Recovering involved several trips to her bank branches and to the mobile provider’s stores, and the attackers weren’t finished. After manipulating WhatsApp, they sent alarming messages to horse-riding groups she belongs to, falsely claiming threats to the horses.

Leaves of data: why breaches matter

We checked breach databases such as HaveIBeenPwned and Constella Intelligence to see if Sue’s details appeared in earlier incidents. Her phone number, email, date of birth, and home address surfaced in breaches tied to Paddy Power in 2010 and Verifications.io in 2019, among other compilations.

Experts say attackers often reuse leaked data from past breaches to pull off SIM swaps. Once they control a number, security codes meant for the rightful owner go to the attacker, undermining two-factor authentication.

Netflix hijacks and other account takeovers

Not all fraud targets large sums. Fran from Brazil told us a new user was registered on her Netflix account, driving up the monthly charge. She checked with family and found no one had added a profile.

Fran’s email had appeared in multiple breaches (Internet Archive 2024, Trellov 2024, Descomplica 2021, Wattpad 2020), according to HaveIBeenPwned. While her Netflix password isn’t in public datasets, leaked credentials could enable access in other breaches. Security researchers note there is a busy market for cracked streaming accounts, often used as an entry point for further abuse.

As with Sue, tracing a single breach to a specific attack is tricky; criminals frequently combine data from several sources and brokers to target victims.

Criminals also mix stolen private data with publicly available details to mount targeted phishing and social-engineering campaigns. Leah, a small business owner who asked not to be named, faced a lengthy scam reportedly originating in Vietnam. A phishing email, posing as a Facebook notification about a refund, led to a compromise of her business account despite two-factor authentication; attackers posted inappropriate content under her name, getting her blocked from certain services. A security researcher linked Leah’s data to breaches at Gravatar (2020) and Qantas (2024), suggesting attackers map private emails to business contact numbers to enhance phishing efforts.

Mass data breaches in 2025

Global data breaches continue to drive fraud and secondary hacks. In 2025, major incidents include:

• The Co‑op breach affecting millions of customers
• Marks & Spencer breach occurring around the same period
• Harrods exposing data of about 400,000 customers
• Qantas breach impacting roughly 5.7 million flyers

Proton Mail’s Data Breach Observatory recorded 794 verified breaches in 2025, exposing over 300 million records. Security experts say stolen data remains highly valuable for fraud, extortion, and larger-scale attacks.

Beyond notifying customers and regulators, responses vary. Some companies offer credit monitoring or compensation; others provide less protection. Courts have seen class-action suits against breaches, with mixed outcomes. T-Mobile’s 2021 settlement, paying up to $350 million to affected customers, highlights ongoing accountability debates.

Practical protection begins with personal vigilance and proactive security measures. Maintaining strong, unique passwords, enabling robust multi-factor authentication, and regularly reviewing account activity can reduce risk.

What you can do to protect yourself

Practical steps include using unique passwords, enabling strong multi-factor authentication, and staying vigilant for phishing messages. Regularly review account activity, report suspicious charges quickly, and consider freezing credit with major agencies if you suspect your data was compromised. Keep software and apps up to date, and verify any security-change requests directly with your provider rather than clicking links.

Key Takeaways

• Data breaches enable SIM swap and account takeovers by criminals.
• Older leaked data can be repurposed to launch new attacks.
• Free credit monitoring is not guaranteed; take proactive protective steps.
• Monitor accounts for unusual charges and phishing attempts; act fast to mitigate.
• Contact banks and service providers immediately to protect assets and recover access.

Expert commentary

Expert note: Hannah Baumgaertner of Silobreaker notes that attackers often join data from different breaches to target individuals. Strengthening verification and watching for unfamiliar activity can reduce risk.

Summary

As data breaches multiply, criminals increasingly exploit leaked information to intercept security codes, seize control of devices, and financially harm victims. The Sue Shore case and others show how a single breach can cascade into multiple account losses, including bank access and streaming services. The core takeaway is clear: stay vigilant, act quickly, and protect your digital identity with robust security practices.

Key insight: Data breaches fuel a thriving market for identity fraud, so stay vigilant, monitor accounts, and act quickly to protect yourself. Source: BBC News article BBC News