From outages to data breaches for AT&T

Not even two months since a massive, nationwide outage left millions of their customers without cell service for hours, AT&T is again in the news for a major data breach.  Over the weekend, the company revealed that over 73 million current and former customers had their data released on the dark web, though the origin of this exposure is still unclear.  Nevertheless, the standard range of data was compromised, such as names, addresses, Social Security numbers, account numbers and passcodes: enough personally identifiable information (PII) to effectively recreate a person’s profile in cyberspace.

It seems to be too early still for much more concrete information beyond this.  It’s also possible, suggested users on the hacking forum BreachForums, that the current incident is a repost of a breach from 2021, in which a group called ShinyHunters also claimed it was selling data on 70 million AT&T customers.  Regardless, the gates have barely opened on an investigation by the FCC into the aforementioned outage.  The company was likewise sparing in its explanation there.  Allegedly a technical error during a network expansion was responsible, though perhaps the FCC’s investigation will unearth further details on the cause and effects.

AT&T is not alone in its industry for undergoing data breaches.  Just last year, T-Mobile saw unauthorized access of personal data from 37 million customers, only one year after settling a $350 million class action suit from another data breach that impacted 40 million people.

In the meantime, while we wait for more news, AT&T and experts are recommending that people change their passcodes, monitor their credit reports and adopt multi-factor authentication (MFA).  For those affected, AT&T has said that it will provide free identity theft and credit monitoring services.

Remember, however, that you have rights when it comes to the protection of your data. With surprising speed, only a couple of days since the news, a class action lawsuit has been filed against the company for this breach.  I wonder if that’s a record.  The plaintiff accuses AT&T of “intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure its data systems were protected against unauthorized intrusions,” and that the “Defendant could have prevented this data breach by, among other things, properly encrypting or otherwise protecting their equipment and computer files containing PII.”

If the data was not in fact encrypted, that would spell more trouble for the company.  Personal data theft can very quickly lead to legal and financial repercussions for the responsible business. In fact, we recently discussed whether companies are looking out for your safety, which could be one of the many issues with this new AT&T breach. At NetLib Security, we understand the critical importance of protecting your PII. Our powerful platform, Encryptionizer, effortlessly protects stored data by transparently encrypting data on servers, legacy systems, devices, and distributed applications, ensuring a necessary safeguard against security incidents like AT&T’s.