I recently heard that a telephone company (a mobile network operator) was hacked and lots of data was stolen, maybe affecting up to a million customers. It sounds like the leaked data is already available on the dark web, and it includes all personal information (names, addresses, ID numbers, phone numbers, etc.) and also a lot of technical data (including SIM activation date, IMSI, ICCID, PUK, etc.). The company confirmed the attack, and said that they now enabled some new security controls in order to prevent potential frauds (but nobody knows what controls they are talking about). However, if you want, they offer to replace the SIM card for free (but they said you need to go to one of their stores, in person).
The question is: does replacing only the SIM card (and keeping the same phone number) help to mitigate anything in such a situation? I don't know how a SIM swap works exactly in detail, but I suspect it depends on the security practices of the carrier(s) involved, so the amount and type of data required by the attacker may vary. By replacing the SIM card, I suppose you would only invalidate the technical data (IMSI, ICCID, PUK, etc.) but I'm not sure how useful that is in practice. Other kinds of attacks might be facilitated by knowing such technical details, however I'm still not sure about their impact. Even if replacing the SIM card might help, what I'd like to know is how much it would help here, and why.