Considering even the US government uses SMS 2FA, which means control of your phone number is tantamount to authorization to do things on your behalf, there should be severe penalties for breaking into the systems of phone network operators.
Not that the SMS 2FA is the appropriate way to be doing things, but it is what it is, and the government is not wanting to take on any liability, and the mobile networks do not want any liability (nor should it be foisted upon them), keeping the punishment high for stuff like this seems like the best we can hope for.
Not that the SMS 2FA is the appropriate way to be doing things, but it is what it is, and the government is not wanting to take on any liability, and the mobile networks do not want any liability (nor should it be foisted upon them), keeping the punishment high for stuff like this seems like the best we can hope for.