Hackers accessed call and text message records for a massive portion of AT&T's cellular network customers. The breach, affecting data from May 2022 to January 2023, exposed phone numbers and call durations, but not the content of conversations or personal information like names and addresses.

Why is this a big deal?

  • Privacy Concerns: Even without names, phone numbers can be used to identify individuals and potentially reveal personal details.
  • National Security Risk: This large-scale data collection could be a national security threat, allowing attackers to track movements and connections of a significant portion of the population.
  • Vishing and Smishing: Hackers could use phone numbers to launch phishing attacks (vishing for voice calls, smishing for SMS text messages). They might impersonate legitimate companies (e.g., AT&T itself, banks, credit card companies) and attempt to trick people into revealing personal information or financial details.
  • Social Engineering: With phone numbers, hackers can gather information from social media or other sources to personalize their scams. They might use details gleaned from call history or social media profiles to pose as someone familiar or trustworthy, making the scam more believable.
  • While names and addresses weren't exposed, phone numbers can be a stepping stone. Hackers might use phone numbers alongside information obtained from other sources (data breaches elsewhere, social media) to build a more complete picture of an individual's identity. This could be used for opening fraudulent accounts, applying for loans, or other identity theft crimes.
  • Selling Data to Spammers: The hacker could sell the phone number data to spammers who use it for unsolicited marketing calls and text messages.
  • Targeted Robocalls: Hackers might use the data to target individuals with robocalls tailored to their call history or demographics, making them seem more legitimate and increasing the chances of victims answering.
  • Sim Swapping: This involves tricking a mobile carrier into transferring a victim's phone number to a SIM card controlled by the hacker. With the phone number compromised, hackers could potentially intercept verification codes or two-factor authentication messages, gaining access to other accounts linked to that number.

What's AT&T Doing?

  • AT&T is working with law enforcement to investigate and apprehend the hackers.
  • The company is contacting affected customers and has taken additional security measures.

What You Should Do:

  • Be cautious of suspicious calls or texts, especially those claiming to be from AT&T. Hackers often exploit data breaches to launch phishing attacks. These are emails or messages designed to trick you into revealing personal information or clicking malicious links. Be cautious about unexpected emails or calls, especially those claiming to be from the breached company. Don't click on suspicious links or attachments, and verify any information directly with the company through their official channels.
  • This incident highlights the importance of cybersecurity. Consider online privacy practices to protect yourself.
  • Immediately change your passwords for any accounts that might have been affected by the breach, especially those using the same login information (username and password) across multiple platforms. Consider using a password manager to create and store strong, unique passwords for each account.
  • Many online services offer two-factor authentication (2FA) as an extra layer of security. This usually involves a code sent to your phone or email that needs to be entered in addition to your password when logging in. Enabling 2FA adds a significant security barrier for hackers.
  • Keep an eye out for any suspicious activity on your accounts, such as unauthorized purchases or login attempts.
  • Regularly monitor your bank statements and credit reports for any unusual activity. You can request a free credit report every year from each of the three major credit bureaus (Equifax, Experian, TransUnion) and consider placing a credit freeze or fraud alert on your account to prevent unauthorized access.

The Takeaway:

This data breach is a reminder of the vulnerabilities in our digital world. Let's work together to prioritize cybersecurity for both businesses and individuals. Staying informed and taking proactive steps can help minimize the risks associated with a data breach. Don't hesitate to seek help from identity theft protection services if you feel overwhelmed or at high risk due to the nature of the data exposed. Data breaches are unfortunately becoming more common. By being vigilant and taking these precautions, you can make it harder for hackers to exploit your information.

Is Cybersecurity A Concern For Your Small-Mid Size Business? Call CISPOINT at (443) 213-0108 or click HERE to book your Discovery Call TODAY!

Want to know how well your employees can distinguish between a phish and reality? Check out Google's phishing quiz HERE! It's much harder than you would think.