Hackers got access to phone call and text message records belonging to roughly 109 million people in the AT&T data breach.
AT&T’s online database, hosted in a Snowflake account, was breached in April 2024.
What information did the AT&T data breach impact?
The incident affected almost all the company’s mobile customers who communicated from May 1 to October 31, 2022, and on January 2, 2023.
Although phone call and text message records were compromised, according to AT&T the hackers did not get access to the content of the calls or messages.
The downloaded data doesn’t include the content of any calls or texts. It doesn’t have the time stamps for the calls or texts. It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information.
Source – The AT&T statement
Source – US Securities and Exchange Commission form
The stolen data includes:
- Phone numbers of AT&T wireline users
- Phone numbers that the AT&T or MVNO wireless numbers contacted
- The number of calls or text messages a number engaged in
- Call duration for a certain day or month
Also, according to AT&T’s statement:
For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.
Source – The AT&T statement
Although the data does not associate names and other personally identifiable information with the phone numbers, hackers can do the matching by using other stolen databases. They can then map communication patterns and find out who connects to whom.
They can go on to use this intelligence in social engineering, online impersonation, and phishing attacks.
The company said they will contact all former or current affected customers through email or US mail only.
How to protect sensitive data
The AT&T data breach is rooted in a breach at a third-party operator, Snowflake. So, it might seem that AT&T couldn’t have done much to protect the data. However, there are some standard security measures companies should enforce when working with third parties:
Sign a security agreement
Make sure that your collaborator follows the same security policy you use. Specifically ask the third party to apply data protection measures. Reserve the right to audit whether the operator applies security best practices. Read this Guide to Third Party Risk Management for inspiration.
Encrypt sensitive data
Use end-to-end encryption to protect sensitive data in transit. If hackers seize your data through DNS tunneling or by exploiting a VPN flaw, they will not be able to read or use it. Also, encrypt sensitive data at rest.
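An added example, not from the article or from AT&T: one way to keep phone numbers unreadable on a third-party data platform is to replace them with keyed tokens (HMAC-SHA256) before upload, with the key held in-house. This is keyed pseudonymization, swapped in here for field-level encryption; the record layout, function names and demo key are assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real data), using the kinds of fields the
# article lists: customer number, contacted number, call count, duration.
SAMPLE_RECORDS = [
    {"number": "+15550100001", "contacted": "+15550100002", "calls": 4, "minutes": 12},
    {"number": "+15550100001", "contacted": "+15550100003", "calls": 1, "minutes": 3},
    {"number": "+15550100002", "contacted": "+15550100001", "calls": 2, "minutes": 7},
]
SENSITIVE_FIELDS = ("number", "contacted")  # assumed field names

def tokenize(value: str, key: bytes) -> str:
    """Deterministic keyed token: same number -> same token, only with the key."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()

def protect_records(records, key: bytes):
    """Return copies fit for upload: phone numbers replaced by keyed tokens."""
    if len(key) < 32:
        raise ValueError("key must be at least 32 bytes")
    protected = []
    for rec in records:
        safe = dict(rec)  # copy, so the in-house originals stay untouched
        for field in SENSITIVE_FIELDS:
            safe[field] = tokenize(rec[field], key)
        protected.append(safe)
    return protected

def calls_per_number(records):
    """Aggregation the third-party platform can still run on tokenized rows."""
    totals = Counter()
    for rec in records:
        totals[rec["number"]] += rec["calls"]
    return dict(totals)

def leaked_numbers(protected, originals):
    """Pre-upload check: raw phone numbers that still appear in the payload."""
    raw = {rec[field] for rec in originals for field in SENSITIVE_FIELDS}
    payload = repr(protected)
    return sorted(number for number in raw if number in payload)

if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed demo key; never store it with the data
    upload = protect_records(SAMPLE_RECORDS, demo_key)
    print(calls_per_number(upload))
    print("raw numbers in upload:", leaked_numbers(upload, SAMPLE_RECORDS))
```

Without the key, tokens taken from the third party cannot be matched against phone numbers in other stolen databases. Counts and durations are still uploaded in the clear here.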
Audit regularly
Based on the security agreement you’ve signed with your third-party operator, conduct audits regularly. This will alert you to any security problem that could impact your data.