AT&T Data Breach: What To Know, What To Do
As you likely know, AT&T recently announced that it and its cellular customers were victims of a massive data breach. The AT&T data breach began in May 2022 and continued for several months before discovery. The company stated that the breach involved records related to calls and text messages. Further, AT&T stated that it involved “nearly all” of the company’s cellular customers. However, the company indicated that the content of voice calls and text messages was not compromised, except for calls to Canada. Now, many are wondering what steps they should take to minimize the impact the breach may have on them. If you are an AT&T wireless customer, following is a list of actions you should consider taking to minimize the threat of any further damage.
Who Is Impacted By The AT&T Data Breach And What Data Was Compromised?
First, understand who is impacted. The breach appears to directly involve only wireless customers. Thus, if you have a “landline” account with AT&T, call-related data on that account was likely not affected. However, AT&T has confirmed that there was also a smaller breach on January 2, 2023. In this second breach, AT&T landline numbers that interacted with cellular numbers on that day may have been impacted.
Second, understand what data might have been impacted. As indicated above, the company stated that call and text content was not compromised in the breach. Likewise, customer names were not exposed, nor was other information such as Social Security numbers, birthdays, or the dates and times of specific calls or text messages. However, although the content of calls and messages does not appear to have been compromised, logs of every call or text message were compromised. These logs include information such as the date and time of each call or message; they also include the duration of the interaction but, again, content was not compromised.
What Should I Do Now?
Keep in mind that the nature of the data compromised did not involve the content of calls or messages. Likewise, it did not include compromising usernames, passwords, or other authentication measures. Therefore, given the type of data that was taken in the attack, the first thing to do is NOT to panic. Very little, if any, of the compromised data is private or sensitive.
Notwithstanding the above, there are still some risks associated with the AT&T data breach. For example, cybercriminals who have access to the data might use it to extort money from victims. Such a scenario could unfold when the criminal threatens to release call records unless the victim pays a ransom.
Further, AT&T warns against other potential scams that might involve compromised data. Specifically, the company urges customers to remain skeptical of any call or message claiming to be from a trusted source or adviser. This includes your bank or investment advisor and governmental entity like the Internal Revenue Service or the Social Security Administration.
At a “macro” level, this breach should serve as yet another reminder that everyone must remain vigilant in protecting personal and corporate data. Following good data security practices is not optional at a corporate or personal level. Sound, fundamental data security practices such as the following still work quite well at mitigating information security risks.
Click Here To See What AT&T Had To Say About The Breach
Fundamental Data Security Practices
At a “macro” level, this breach should serve as yet another reminder that everyone must remain vigilant in protecting personal and corporate data. Following good data security practices is not optional at a corporate or personal level. Sound, fundamental data security practices such as the following still work quite well at mitigating information security risks.
- Use “long-and-strong” passwords/passcodes and never share them with others.
- Use password management tools to help you manage your passwords.
- Enable multifactor authentication everywhere you can.
- Keep your computer’s operating system and applications patched and up-to-date.
- Never click on links from unknown sources.
- Use the security tools embedded in your operating system, such as BitLocker, AppLocker, and Controlled Folder Access.
- Take advantage of Zero Trust Security models as they become available.
- Ensure your personal and corporate data is backed up routinely and securely.
Summary
Data breaches are just one of our “new normals.” Whether they occur because of something we did, or whether they happen through no fault of our own, we still must deal with the aftermath. Fortunately, in the case of the AT&T data breach, it appears that the damage will be minimal, at least in the short term. However, this hack should serve as a reminder to everyone that we can never let down our guard against data security threats, lest we become victims!
At K2 Enterprises, our commitment lies in providing unwavering support and expert instruction to CPAs. Explore the wealth of resources on our website, where you’ll find valuable insights on selecting the most suitable accounting software, ensuring your firm is equipped with the right tools for the journey ahead. K2 Enterprises provides continuing education programs to enhance your skills and credentials. Visit us at k2e.com, where we make sophisticated technology understandable to anyone through our conferences, seminars, or on-demand courses.