A phone number was, originally, an address for the device rather than the person. The two have since become harder to separate. A modern mobile number, in particular, is treated by most systems as an identifier of its holder.
The matching happens through several routes. The carrier holds a registration that recorded the number against a name; a verification at a financial institution or service provider has stored the number against an account; a contact's address book, automatically uploaded to a service, has stored the number against the name as that contact understands it. None of these stores is, in isolation, public. Each is queryable through some commercial or other channel.
The result is that a phone number, once given to enough places, becomes a key that joins them. A query against a known number returns the assembled picture: the account it sits within, the contacts who know it as belonging to a particular person, the registrations that confirm the connection. The number is not searchable in the way a name is, but it can be tested against, and the test usually succeeds.
For a principal whose number is shared narrowly, this is rarely a concern. For a principal whose number has been given out over many years, used to register many accounts, and shared in many address books, the number functions as effectively as a name. The same identifier connects records that the principal would not otherwise consider connected.
The remediation here is partial. Existing exposure cannot be unwound. What can be done is to consider, for a principal who is changing the number or establishing a new one, how it is given out, where it is registered, and against which accounts it becomes the verification of record.