May I make a suggestion, as so many people are trying scams and frauds through vulnerabilities in technology. The sim swap is a fairly scary one as the villain can with the new number swapped sim then obtain security bypass codes from banks etc sent to that number. I can suggest a simple measure to maybe help prevent the Sim Swap Scam, where a password preferably different to normal one, that has to be provided to move the number to a new sim, and perhaps also email verification after request?. The latter Giffgaff could set up without much fuss and under 'security policy'.
From personal experience, I have not considered in the past access to my Giffgaff online account site 'HIGH' security as there is not much to see or 'do' of high impact, I thought, like say there is with online banking. But now I'm rethinking that from what I have seen in the press. Luckily I'm not a victim of that scam, but I did have a very convincing call from 'HMRC' and the correct number (0300 ----) for the tax office was displayed making it look genuine, how they did this I don't know, and they had acquired enough info on me to sound convincing, demanding a payment. I called the HMRC tax office back from another phone on the number from their Website and the lady at the tax office confirmed it was bogus and not reply. I asked her to log our conversation just in case as the scammer was very convincing, probably copied a genuine call to their dodgy firm!.
One more thing on email security. I have started using a separate email account from my regular one for security, it has a nondescript numerical character address so that it has no relation to me by name, and I suggest using a more secure provider like tutanota or protonmail, with a unique password. Have all verifications and security backups linked to this account. Only use it for this so its use is infrequent. DO NOT LOSE the password to such an account.