In an era where digital communication is the lifeblood of business and personal interactions, the latest AT&T security breach sent shockwaves through the telecommunications industry. This latest security incident, which exposed the call and text records of around 110 million customers, serves as a stark reminder of the vulnerabilities inherent in traditional communication systems.
As organizations and individuals grapple with the fallout, the need for robust, secure communication solutions has never been more apparent.
The AT&T Breach: What Happened?
The latest AT&T breach exposed the potentially sensitive information of “nearly all” AT&T customers, including phone numbers of both cellular and landline customers, as well as records of calls and text messages, from a six-month period between May 1, 2022 and October 31, 2022. The data also contains the phone numbers of non-customers who were called by AT&T customers during this time, including landlines and international calls. The records of a “very small number” of customers from January 2, 2023, were also accessed, according to the company.
The telecoms giant said the stolen data “does not contain the content of calls or texts,” but rather, information about the calls, known as metadata. However, this leaked data is still valuable for threat actors, since publicly available tools can be used to link customer names with specific phone numbers, as well as to infer approximate locations.
Who is at Risk, and Why?
A prior AT&T breach back in March saw a data breach broker dump 73 million customer records, including passcodes, social security numbers, email and mailing addresses, and birthdates, onto a known cybercrime forum on the dark web. The addition of this new leaked data could lead to enterprising attackers joining the dots between both datasets, leading to a host of other malicious activities.
Blackmail could be one such example. Let’s say the CEO or other high-ranking executive of a company often calls a person or place that could damage their reputation, should word get out. For instance, they might often ring a substance-abuse helpline. If they are married, call records could uncover an affair. Or should the attackers hit the jackpot, they’d learn from call metadata that the executive is involved in shady or even criminal activities. Regardless, all of the above and more sets up the perfect conditions for a bad actor to demand a bribe or ransom for keeping this information out of the public eye.
For those higher-risk private individuals whose physical safety depends on their communications and location remaining confidential, such as journalists, activists, government workers and domestic abuse survivors, the potential threat may be greater still.
“Telecommunications metadata can be a goldmine for cybercriminals,” says Ismael Valenzuela, VP of Threat Research and Intelligence at BlackBerry. “Even if the contents of calls and texts aren’t leaked, knowledge of the context behind these calls, such as who a person calls, how often and when, can be easily weaponized. Threat actors can figure out approximately where you live, where you work, who you talk to most often, and even if you call any potentially sensitive numbers such as health providers.”
Intelligence analysts have long used this type of data to build a picture of a suspect’s daily patterns of life, which is one of the reasons telecoms companies are so often targeted by foreign services. For the average person, though, the telecoms breach still poses risks.
“You may feel you have nothing an attacker could want. But just knowing who you call most regularly and who you’d be most likely to trust and therefore pick up a call from, makes it easier for cybercriminals to impersonate you, or to perpetuate any one of a multitude of phone-based scams,” adds Valenzuela.
Although AT&T asserts that the leaked metadata is not publicly available at present, the breach underscores a critical weakness in conventional telecommunication infrastructure: the centralized storage of vast amounts of sensitive data. Traditional SMS and voice call systems are convenient. But these systems so often prioritize accessibility over security and leave customers vulnerable to large-scale attacks.
Mitigations
It may seem like there’s a data breach every single day, but that shouldn’t lull anyone into becoming complacent. AT&T has reached out to impacted customers; if you were one of those notified, it’s always a good idea to step up your personal security measures, many of which involve using common sense and don’t require a lot of effort.
Here are some helpful tips:
- If you haven’t done so already, change the password on your online AT&T account.
- Set up two-factor authentication (2FA) on all your personal online accounts, and consider using a second factor that isn’t a text, since those can be easily faked by the bad guys.
- Be aware that attackers can fake or spoof real phone numbers with relative ease. If you get a call from a familiar number at an unusual time of day, it may be prudent to end the call and immediately call the person back to verify the call isn’t coming from a scammer. (The call will go through to the real person, since spoofed numbers can’t intercept calls made to the cloned number.)
- Always be wary of calls or SMS messages that come from unknown numbers. These messages may claim to be from a person you know saying they have “lost their phone,” or making similar excuses for the unknown number. As above, it’s best to find a way to verify this before adding the new number to your phone book.
- Be cautious of any email or text messages asking for personal, account, or credit card information.
- Don’t click on links sent to you in a text message, even if the name and number is familiar. Scammers can build fake websites that may look and function exactly like websites you use every day, such as banking websites.
- Make sure a website is secure by looking for the “s” after the "http" in the address. There should also be a lock icon at the bottom of the webpage.
- Request companies delete your personal information frequently. The less data being held in your online accounts, the better.
How to Check if Your Data Was Leaked
AT&T customers should receive a text, email or U.S. mail notification if their account was impacted by the breach, depending on their account type:
- AT&T Wireless customers will be notified by email or U.S. mail only, and will not receive a text.
- AT&T Prepaid® customers will be contacted by text or email only.
- FirstNet®, myAT&T, myPrepaid and Business accounts (including Premiere) should check their AT&T online account for more information.
You can also find out whether your data was leaked by logging into your AT&T account. Find out more about how your account may have been impacted on AT&T's dedicated support page here.
I Believe I’m Being Targeted by a Phone or Text Scam. What Should I Do?
AT&T customers can report suspicious texts by forwarding them to the company. Here’s a quick guide on how to do so for both iOS and Android.
If you believe you may have already been a target of fraud involving your phone number or account including identity theft, immediately report it to the AT&T Fraud team here.
By reporting suspicious activity, you can help the company take action to protect you and others. They may block the number associated with the suspicious activity and/or take down malicious websites, email accounts, and other resources used by the scammer.
They will also share the information with other carriers so they can also take action, protecting many more consumers.
Related Reading:
- The Day the Digital World Froze: Lessons from a Global Tech Crisis
- Siemens Chairman: Unlocking Trust in a Digital World
- Why We Must Upgrade Communication Tools for the Digital Age of Emergencies
- 12 Days Without Revenue: Ransomware Fallout Continues in Healthcare Sector
