Yes I know, someone I worked with many years ago apparently had that happen to them I discovered on the weekend. I've been aware for years because the company I worked for back then issued a security alert about it and gave instructions on what to look for and do.

I'm only going with what the manager of the Mobile network store said which was that It did make it easier in this case. There wasn't any need to send out a physical SIM which would have meant the scammer had to have the address where the card should be sent to. This in turn would have meant that there was a delay between the request being made, the Sim Card being sent out and the number being available to the scammer, increasing the chance the issue was caught. The scammer would have to be present in the UK (and at the account address) when the sim card was delivered. That means they had a far greater chance of being physically caught. Any change in the address it was being sent to would should have triggered additional layers of security. Yes the employee who allowed the swap to an esim should have followed more robust security procedures and was probably the weakest link. The problem was that the esim made the swap of numbers between phones almost instantaneous and no need to actually be in the UK let alone at the account address, which at that point they may not have known.