Important Notice: AT&T Data Breach Information
We are writing to inform you about a recent data breach involving AT&T that may affect you. On July 12, 2024, AT&T disclosed a significant data breach that exposed call and text message records of nearly all its cellular customers. The breach occurred between May 1 and October 31, 2022, with a small number of records from January 2, 2023, also affected.
The exposed data includes call and text message records, revealing the telephone numbers involved in the interactions. However, the breach did not compromise the content of these communications, nor did it reveal the timestamps of these conversations.
The breach resulted from unauthorized access to AT&T's data storage on Snowflake, a third-party cloud analytics platform. This unauthorized access allowed an unknown individual to illegally download customer information, similar to recent incidents involving BlackBerry Cylance, T-Mobile, and State Farm.
Theoretically, the type of information involved in this breach could be used for targeted attacks that simulate calls and texts from known numbers to increase the chance of the recipient trusting the bad actor.
What You Can Do:
Stay vigilant: Be cautious. This breach could potentially increase the chance of other attacks, fraud calls or texts requesting personal information.
Report suspicious activity: Forward any suspicious emails and inform us immediately if you receive suspicious texts or calls.
As an MSP, and with the lessons learned from the root cause of this incident, there are several steps we take to protect you from similar incidents in the future:
Secure Third-Party Cloud Platforms: The breach at AT&T was caused by unauthorized access to their workspace on a third-party cloud platform. To prevent similar incidents, we thoroughly evaluate the cybersecurity posture of all third-party vendors before integrating or onboarding their services. This includes strong access controls, encryption of data at rest and in transit, and regular security audits. We recommend that, where possible, third-party applications be configured to use SSO to your identity management system (such as Microsoft’s Entra ID), and enforce MFA, conditional access and geo-fencing for all logins.
Regular Monitoring and Auditing: Monitor and audit your firm’s systems to detect unusual activity. We recommend that all clients utilize a log aggregation system (SIEM) and a 24x7 Security Operations Center (SOC). Early detection of a breach significantly limits its impact.
Cybersecurity Incident Response Plan: We recommend that all clients have a well-defined and tested Cybersecurity Incident Response Plan (CIRP) in place. In case of a breach, this plan guides us and your team through the steps necessary to contain the breach, eradicate the threat, and recover.
For more information about the data breach, we encourage you to read the articles from:
CNN - https://www.cnn.com/2024/07/12/business/att-customers-massive-breach/index.html
AT&T - https://about.att.com/story/2024/addressing-illegal-download.html
If you have any concerns or questions, feel free to reach out to us.
Sincerely,
— Your HalcyonFT Team