in the famous words of roger sanchez, “here we go again!”

the recent at&t data breach has sent shockwaves through the tech world, raising significant concerns about data security. however, it’s important to note that the actual contents of calls and texts of at&t customers were not exposed. let’s break down what really happened, why it’s not as catastrophic as it might seem, and the serious implications that still remain.

on friday, at&t reported a massive data breach that exposed phone call and text message records for nearly all of its customers for a six-month period between may 1, 2022, and october 31, 2022. the telecom giant learned about the illegal download in april but delayed disclosing the incident in response to “national security and public safety concerns,” noting that some records included data that could be used to determine where a call was made or a text message sent. at&t also acknowledged that customer records were exposed in a cloud database protected only by a username and password (no multi-factor authentication needed).

this breach is distinct from another incident at&t disclosed earlier this year, where hackers stole personal data, including social security numbers, from millions of current and former customers. this means the hack announced friday could pose an even greater threat to at&t users.

dan schiappa, chief product and services officer at arctic wolf, noted, “these types of identity-based attacks that exfiltrate customer records can allow attackers to piece together the personal data of individuals, including names, phone numbers, addresses, and financial and social security details, placing millions of people at risk for identity theft or fraud.”

inadequate cybersecurity and lack of accountability

businesses must recognize that no system is entirely immune to cyber threats. they should not only continually update their security practices but also ensure they have the minimum security practices in place. no mfa? i mean, come on! this breach underscores the need for stringent regulatory compliance and the potential legal ramifications for companies that fail to protect customer data adequately.

highlighting the regulatory challenges, sen. ron wyden, d-ore., stated, “this is not the first data breach revealed by a major phone company and it won’t be the last. these hacks, which are almost always the result of inadequate cybersecurity, won’t end until the fcc starts holding the carriers accountable for their negligence. these companies will keep shortchanging customer security until it hits them in the wallet with billion dollar fines.”

u.s. securities regulations require companies to inform customers of breaches within 30 days.

were you affected?

to address the breach, at&t stated it will alert impacted customers via text, email, or u.s. mail. additionally, customers can log into their accounts to check if their data was affected.

customers “can also request a report that provides a more user-friendly version of technical information that was compromised,” a spokesperson told cbs moneywatch.

at&t said it’s not providing additional identity theft protection services at this time, and customers can visit att.com/dataincident for more information.

recommended steps for businesses

it’s important to remember that all businesses, regardless of size, are targets for hackers. whether you’re an enterprise or a single business owner, your security practices should be thorough and proactive. cyber threats do not discriminate based on the size of your business. ensure you implement strong security measures, such as regular audits, data encryption, employee training, and multi-factor authentication. taking these steps will help protect your valuable data and maintain customer trust. your business’s security is not just a technical requirement; it’s a critical component of your success and reputation.

partner with HUGO CONNECT and experience the unique benefits of working directly with a dedicated it director who values your success as much as you do. stay ahead, stay secure, and achieve your goals with HUGO CONNECT.

reach out today at 312.796.9007 or success@hugoconnect.it, and schedule a free consultation.

where information technology and human touch intersect