
Probably hard for a telecom company to not keep IMSI -> account association somewhere


Yeah, in separate databases on separate systems. The network plane of a phone provider should only be able to access a database mapping IMSI -> account ID, and the billing/customer service department should only be able to access a database mapping account ID -> actual account data.

Unfortunately, anything involving phones is based on literally decades of stuff that was made in a time where every participant in the network was trusted by default, and bringing up the legacy compatibility stuff to modern standards is all but impossible.


> decades

SS7 was developed almost a half-century ago, wasn't it?


Randomized IDs and linked lists, which correspond to entries in DBs elsewhere.

IMEI 123456789 has ID sjkadnasf8uywjerhsdu, and then the hyper-locked-down Mongo instance used by billing knows that sjkadnasf8uywjerhsdu relates to John Smith, credit card number xxxx xxxx xxxx xxxx

make it so you have to crack all of em, instead of just nailing one and walking out w/ all the crown jewels
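
The split the comments above describe (network plane holds identifier -> opaque ID, billing holds opaque ID -> account data), as an added example that is not part of the thread or any provider's code. The table names, function names and sample values are assumptions constructed for illustration, and two in-memory SQLite databases stand in for separately hosted, separately credentialed systems.

```python
import secrets
import sqlite3

# Two independent stores (assumption: in production these live on different
# hosts with different credentials; here they are separate in-memory DBs).
network_db = sqlite3.connect(":memory:")  # network plane: IMSI -> opaque ID
billing_db = sqlite3.connect(":memory:")  # billing: opaque ID -> account data
network_db.execute(
    "CREATE TABLE subscriber (imsi TEXT PRIMARY KEY, account_id TEXT NOT NULL)")
billing_db.execute(
    "CREATE TABLE account (account_id TEXT PRIMARY KEY, name TEXT, card_last4 TEXT)")


def enroll(imsi, name, card_last4):
    """Create a subscriber; the only value shared by both stores is a random ID."""
    # Random rather than derived: a hash of a 15-digit IMSI can be brute-forced,
    # which would let a billing-side dump be joined back to the IMSI.
    account_id = secrets.token_urlsafe(16)
    network_db.execute("INSERT INTO subscriber VALUES (?, ?)", (imsi, account_id))
    billing_db.execute("INSERT INTO account VALUES (?, ?, ?)",
                       (account_id, name, card_last4))
    return account_id


def network_lookup(imsi):
    """All the network plane can learn about a subscriber: an opaque ID."""
    row = network_db.execute(
        "SELECT account_id FROM subscriber WHERE imsi = ?", (imsi,)).fetchone()
    return row[0] if row else None


def billing_lookup(account_id):
    """All billing can learn from an ID: account data, never the IMSI."""
    return billing_db.execute(
        "SELECT name, card_last4 FROM account WHERE account_id = ?",
        (account_id,)).fetchone()


def dump_network():
    """What a full read of the network-plane store yields."""
    return network_db.execute("SELECT * FROM subscriber").fetchall()


def dump_billing():
    """What a full read of the billing store yields."""
    return billing_db.execute("SELECT * FROM account").fetchall()


def dump_contains(rows, value):
    return any(value in row for row in rows)


# Constructed sample subscriber (test-network IMSI, made-up account data).
SAMPLE_IMSI = "001010123456789"
SAMPLE_ID = enroll(SAMPLE_IMSI, "John Smith", "0000")
```
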



