Cyber Incident Victim: Taiwan Mobile
Date: Jan 2021
Location: Taiwan
Summary
Taiwan Mobile faced a significant security incident involving its self-branded smartphone model, supplied by a Chinese manufacturer, which was found to contain a pre-installed trojan virus introduced during production. The malware compromised user devices, leading to identity theft incidents among subscribers. Following an investigation, regulatory authorities ordered a recall of the affected devices, which had been distributed to tens of thousands of customers over a multi-year sales period. The company issued direct notifications to impacted users advising them of the breach and its consequences.
Description
The Taiwan Mobile security breach involved a self-branded smartphone model (Amazing A32) supplied by a Chinese manufacturer and sold to subscribers between April 2018 and July 2020. On January 6, 2021, Taiwan Mobile notified 7,557 subscribers still using the affected device that a trojan virus had been implanted during the manufacturing process in China. The malware facilitated identity theft incidents among users. The compromised devices were distributed over a 28-month period, and total sales reached 94,191 units before the model was discontinued.

Taiwan Mobile's notification occurred nine days before Taiwan's National Communications Commission (NCC) issued an official recall order on January 15, 2021. The regulatory action targeted all remaining active devices from the affected production batch. The breach gained significant public attention due to both the scale of potential exposure (nearly 100,000 devices sold) and the confirmed compromise of subscriber data through manufactured hardware. Identity theft incidents directly linked to the pre-installed malware were verified prior to the NCC's intervention. No technical details about the trojan's functionality or data exfiltration methods were disclosed in available reports. The incident highlighted supply chain vulnerabilities in telecommunications hardware procurement from foreign manufacturers.
