In a shocking revelation, AT&T announced a major data breach affecting “nearly all” of its mobile phone customers, customers of mobile virtual network operators (MVNOs) that use AT&T’s wireless network, and some landline customers.
The data collected spans the period from May 1 to October 31, 2022, with a small number of records from January 2, 2023, raising serious concerns about customer privacy and data security.
Cyber security prevention experts at work. (AT&T)
Scope of the infringement
The compromised data includes call and text message records, as well as phone numbers that AT&T or MVNO mobile numbers communicated with during the specified time period. In some records, cell site identification numbers were also exposed.
AT&T stressed that the leak did not include the content of calls or text messages, personal information such as Social Security numbers or dates of birth, or specific timestamps of communications.
For security alerts and expert tips, sign up for KURT’s newsletter, The Cyberguy Report.
An illustration of a cyber criminal at work. (Kurt “Cyberguy” Knutson)
Cybercriminals target cloud platforms
AT&T revealed that the data was illegally downloaded from its workspaces on a third-party cloud platform. The company has since taken steps to shut down the illegal access points and is working with police to catch the perpetrators. At least one person has reportedly been arrested in connection with the incident.
An illustration of a cyber criminal at work. (Kurt “Cyberguy” Knutson)
Beware of encrypted PDFs, the latest way to deliver malware
AT&T Customer Notification and Response
AT&T plans to notify approximately 110 million current and former customers involved in the breach. We created a website To provide affected customers with further information and resources.
We reached out to AT&T and received the following statement from a company spokesperson:
“At this time, we do not believe that any data has been made publicly available. Our first priority is always our customers, and we will notify current and former customers whose information concerns us, along with resources to help them protect their information. We sincerely regret that this incident occurred and remain committed to protecting the information in our control.”
Delays in disclosure and national security concerns
Interestingly, AT&T worked with the FBI and Department of Justice to delay notifying the public about the breach on two occasions, citing “potential risks to national security and/or public safety.” AT&T explained that the delayed disclosure was the result of its ongoing collaboration with law enforcement during the investigation of the breach. This decision highlights the complex interplay of corporate liability, law enforcement, and national security considerations in cybersecurity incidents.
Recent History of AT&T Data Breaches
This incident AT&T’s second major security breach In March, the company was forced to reset account passcodes for approximately 7.6 million customers after a cache of customer account information, including encrypted passcodes, was made public on a cybercrime forum.
Click here to read more US news
AT&T took this precaution after security researchers warned that encrypted passcodes could be easily cracked, putting customer accounts at risk. That earlier breach reportedly affected about 70 million past or current customers and included sensitive information such as Social Security numbers and names.
An illustration of a cyber criminal at work. (Kurt “Cyberguy” Knutson)
The wider impact on data security
This latest incident is part of a larger trend of data breaches targeting cloud platforms. The AT&T breach has been linked to a series of data thefts by cloud data giant Snowflake that have affected several other companies. The breach highlights the ongoing challenge of securing sensitive data stored in cloud environments and the need for strong cybersecurity measures.
As the investigation continues and details emerge, this case serves as a stark reminder of the constant threats to data security in our increasingly connected world. It also raises questions about the adequacy of current data protection practices and the need for stronger regulation to protect consumer information.
How can I find out if my information is on the dark web?
You can go translator To check if your information has been sold on the dark web, simply enter your email address in the search bar. The website will search for your data and show you if there have been any data breaches related to your email address on various sites. You may have already received an email from the website informing you that some of your data has been stolen.
How to remove your personal information from the internet
Security-oriented image. (Kurt “Cyberguy” Knutson)
26 billion reasons to protect yourself after massive data breach revealed
What to do if your information is stolen
So, your information is translator If you can’t access the site, you need to take action immediately to minimize the damage. Follow these steps:
1. Change your password
If a hacker had recorded your password, they could access your online accounts and steal your data or money. On another device (laptop or desktop), you should change the passwords for all your important accounts, including email, banking, and social media. You should do this on a different device so that the hacker doesn’t record you setting a new password on the hacked device. You should also use strong, unique passwords that are difficult to guess or crack. Password Manager Generate and store your passwords securely.
2. Enable Two-Factor Authentication
I want to activate Two-factor authentication This is to provide an extra layer of security.
3. Monitor your accounts and transactions
Regularly check your online accounts and transactions for suspicious or fraudulent activity. If you notice anything unusual, report it immediately to your service provider or authorities. You should also check your credit report and credit score for signs of identity theft or fraud.
Click here to get FOX Business on the go
4. Contact your bank or credit card company
If a hacker gets hold of your bank or credit card information, they could make purchases or withdrawals without your consent. Let your bank or credit card company know about the situation. They can help you freeze or cancel your card, dispute the fraudulent charges, or issue you a new card.
You should also contact any of the big three credit reporting agencies (Equifax, Experian, or TransUnion) and ask them to place a fraud alert on your credit file. This will make it harder for identity thieves to open new accounts in your name without verification. You can also freeze your credit if necessary.
5. Use identity theft protection
Identity theft protection companies can monitor personal information like your home ownership, Social Security number (SSN), phone number, and email address and alert you if it is being used to open accounts. They can also help you freeze bank and credit card accounts to prevent further fraudulent use by criminals.
One of the best things about using an identity theft protection company is that it includes identity theft insurance up to. $1 million to cover losses and legal costs and A team of US-based case managers dedicated to resolving fraud It will help you recover your losses. Check out these tips and best choices for protecting yourself against identity theft.
6. Notify your contacts
If hackers gain access to your email or social media accounts, they may send spam or Phishing messages They may also pretend to be you and ask for money or personal information. You should warn your contacts and warn them not to open or reply to any suspicious or unusual messages from you.
7. Invest in a personal data deletion service
While no service promises to remove all your data from the Internet, having removal services available is extremely important, especially after a data breach occurs. These services help mitigate potential damage by continually monitoring for compromised information and systematically removing it from hundreds of sites. This ongoing process reduces the risk of identity theft, fraud, and other malicious activity, giving you an extra layer of security and peace of mind. Use my best choices here to remove your personal data from the internet.
What to do if your bank account has been hacked
Important points about the cart
The AT&T data breach is another wake-up call for consumers and businesses in the digital age. It highlights the critical importance of strengthening cybersecurity measures, especially in cloud-based systems where vast amounts of sensitive data are stored. As technology evolves, our approach to data protection must evolve as well. This incident should prompt a broader discussion about the balance between technological advancements, user privacy, and national security.
Click here to get the FOX News app
It is also a reminder that we cannot rely on others and that we need to strengthen ourselves against increasingly frequent and devastating attacks. Enhances privacy and security, including powerful antivirus protection On iPhone, Android, PC, and Mac A VPN that protects your privacyand actively removing your personal data from the internet is asking for trouble.
In light of this breach, what steps do you think telecommunications companies should have taken to better protect customer data? Should they have been notified of this massive breach more than three months prior to the fact? Cyberguy.com/Contact Us
If you want to receive more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter
Have a question for Kurt or tell us the story you’d like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy’s most frequently asked questions:
Copyright 2024 CyberGuy.com. All Rights Reserved.
