That's rather bizar logic. An obligation to keep something secure comes either from a specific law, or from something specific in a contract.
The fact something is important to you, and you failed to negotiate that in your contract, doesn't mean that the company providing the service is somehow required to take that into account.
You're telling me that offering a service comes with no guarantee of the service? If I'm paying you, but you're no longer providing the service to me, but to some third party, how is that upholding the contract?
If you order food in a restaurant and someone takes the food from the waiter before you can have it, what would you want the restaurant to do?
The service is that you can receive messages. The service is not that you are the only one who can receive those messages. If someone commits fraud and obtains a SIM with your number then the telco is in general quite willing to correct the error. Maybe they will even given you an extra copy of the messages that were lost.
It's like going to a fast food restaurant and later complaining that the meat is of low quality.
This is really twisted logic you're trying to use.
If I entrust my email to Google, them having corrupt employees who give my email to other people would be a serious issue, for security, privacy and a myriad of other reasons. This is exactly what's happening at phone companies.
The fact something is important to you, and you failed to negotiate that in your contract, doesn't mean that the company providing the service is somehow required to take that into account.