In a startling revelation, AT&T announced that it had suffered a significant data breach affecting “nearly all” of its cellular customers, as well as customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network and some landline customers. The data that was taken was from May 1 through October 31, 2022, with a small number of additional records from January 2, 2023, which has raised serious concerns about customer privacy and data security.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Scope of the breach
The compromised data includes records of calls and text messages, along with phone numbers that AT&T or MVNO cellular numbers interacted with during the specified period. For some records, cell site identification numbers were also exposed. AT&T emphasized that the breach did not include the content of calls or texts, personal information like Social Security numbers or dates of birth, or specific timestamps of communications.
Cybercriminals target cloud platform
AT&T disclosed that the data was illegally downloaded from their workspace on a third-party cloud platform. The company has since taken steps to close off the illegal access point and is working with law enforcement to apprehend those responsible. At least one person has reportedly been arrested in connection with the incident.
BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU
AT&T’s customer notification and response
AT&T plans to notify approximately 110 million current and former customers whose information was involved in the breach. The company has created a website to provide more information and resources for affected customers.
We reached out to AT&T, and a company spokesperson provided us with this statement:
At this time, we do not believe that the data is publicly available. Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care.
Delayed disclosure and national security concerns
Interestingly, AT&T, in cooperation with the FBI and the Department of Justice, delayed notifying the public about the breach on two occasions, citing “potential risks to national security and/or public safety.” For its part, AT&T explained that the delayed disclosure was a result of its ongoing collaboration with law enforcement during their investigation into the breach. This decision highlights the complex interplay between corporate responsibility, law enforcement, and national security considerations in cybersecurity incidents.
Recent history of AT&T data breaches
This incident marks the second significant security breach for AT&T in 2024. In March, the company was forced to reset the account passcodes of approximately 7.6 million customers after a cache of customer account information, including encrypted passcodes, was published on a cybercrime forum.
AT&T took this precautionary action after a security researcher warned that the encrypted passcodes could be easily decrypted, potentially compromising customer accounts. This earlier breach affected roughly 70 million past or present customers and reportedly included sensitive information such as Social Security numbers and full names.
Broader implications for data security
This latest incident is part of a larger trend of data breaches targeting cloud platforms. AT&T’s breach has been linked to a series of data thefts from Snowflake, a cloud data giant, which has affected several other companies as well. The breach underscores the ongoing challenges in securing sensitive data stored in cloud environments and the need for robust cybersecurity measures.
As investigations continue and more details emerge, this incident serves as a stark reminder of the persistent threats to data security in our increasingly connected world. It also raises questions about the adequacy of current data protection practices and the need for stronger regulations to safeguard consumer information.
How to protect yourself from threats targeting you
You should take immediate action to minimize the damage. Here are some steps that you can follow:
1) Change your passwords
If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.
2) Enable two-factor authentication
You’ll want to activate two-factor authentication for an extra layer of security.
3) Monitor your accounts and transactions
You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
4) Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
You should also contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. You can even freeze your credit if need be.
5) Invest in personal data removal services
While no service promises to remove all your data from the internet, having a removal service is invaluable, especially after a data breach. These services can help you mitigate the potential damage by ensuring your compromised information is continuously monitored and systematically removed from hundreds of sites. This ongoing process reduces the risk of identity theft, fraud, and other malicious activities, providing an additional layer of security and peace of mind.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 175+ data brokers. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
6) Use identity theft protection
Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Special for CyberGuy Readers: Save up to 52% with my top recommendation is Identity Guard.
See my tips and best picks on how to protect yourself from identity theft.
7) Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED
Kurt’s key takeaways
The AT&T data breach is another wake-up call for consumers and corporations in our digital age. It underscores the critical need for enhanced cybersecurity measures, particularly in cloud-based systems where vast amounts of sensitive data are stored. As technology evolves, so too must our approach to data protection. This incident should prompt a broader discussion about the balance between technological advancement, user privacy, and national security.
It’s also another reminder that we cannot rely on others and need to make ourselves resilient against attacks that are only getting more frequent and destructive. If you do not use tools to enhance your privacy and security, including strong antivirus protection on your iPhone, Android, PC, and Mac, use a VPN to insulate your privacy, and actively remove your personal data from the internet, then you are asking for trouble.
In light of this breach, what measures do you think telecom companies should implement to better protect customer data? Should we have been notified of this huge breach earlier than 3 months after the fact? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
1 comment
This article is incorrect they got my social security number and phone number and put it on the dark web.
“AT&T emphasized that the breach did not include the content of calls or texts, personal information like Social Security numbers”