This article says that Google Fi customers were SIM swapped due to a T-Mobile breach. Even though "[t]here was no access to Google's systems or any systems overseen by Google."
> These attacks are conducted using social engineering, where the threat actor impersonates the customer and requests that the number be ported to a new device for some reason. To convince the mobile carrier that they are the customer, they provide personal information exposed to phishing attacks and data breaches.
> As the Google Fi data breach includes phone numbers, which can easily be linked to a customer's name, and the serial number of SIM cards, it would have made it even more convincing when contacting a mobile customer support representative.
They used the data in the breach to social engineer the Google fi reps. Attackers still needed to get through Google’s customer support system to perform the SIM swaps.
> As the Google Fi data breach includes phone numbers, which can easily be linked to a customer's name, and the serial number of SIM cards, it would have made it even more convincing when contacting a mobile customer support representative.
They used the data in the breach to social engineer the Google fi reps. Attackers still needed to get through Google’s customer support system to perform the SIM swaps.