This year has seen an unprecedented surge in data breaches, affecting sensitive information like phone, healthcare, and financial records. AT&T’s recent disclosure of a massive data breach is the latest significant security incident.
AT&T revealed in an SEC filing and blog post on Friday that hackers accessed almost all its cellular customers' phone calls and text message information. The breaches occurred between May 2022 and October 2022, and again on January 2, 2023. The compromised data includes details about the frequency of contacts between customers and specific phone numbers but not the content or exact timing of those communications. AT&T is collaborating with the FBI to investigate the breach that was discovered in April.
This breach adds to a troubling trend. TechCrunch reports that over 1 billion records have been stolen or accessed in data breaches this year alone. One major incident involved Change Healthcare, where a ransomware attack potentially affected one-third of Americans. The long-term consequences of this attack remain uncertain. Another incident exposed data from at least 165 organizations, including AT&T, through a breach at cloud computing company Snowflake. In March, a hacker also published records from 73 million current and former AT&T customers on the dark web.
The ease with which hackers can infiltrate corporate networks is alarming, often due to multiple potential entry points. A single mistake can give attackers access to cloud storage sites, enabling them to steal sensitive information. This stolen data can be used for phishing, identity theft, and fraudulent purchases. It can also help hackers gain entry into other networks with even more valuable information, especially if employees reuse passwords.
Reports indicate that AT&T may have paid hackers $370,000 to prevent the publication of the stolen data. However, the company has not confirmed this. Class-action lawsuits have already been filed against AT&T and other companies following these breaches.
Consumers can protect themselves after a data breach by enabling multifactor authentication and using password managers to create and store unique passwords. AT&T has promised to notify affected customers and believes that the recently stolen data has yet to be published online as of Monday.
Comments