Data breaches are becoming more common and alarming. This week, AT&T disclosed a significant breach involving the theft of call and text message data logs for almost all its wireless customers.
Details of the breach
The breach, revealed in a securities filing on Friday, involves data from May 1 to October 31, 2022. The stolen logs include phone numbers texted or called by AT&T wireless subscribers and the length and frequency of these calls. However, AT&T clarified that the content of the communications and the exact times of contact were not part of the breach. The compromised call data is limited to U.S. and Canadian numbers.
Nearly all of AT&T's subscriber base during this period, around 110 million users, have been affected. This includes users of affiliated virtual operators like Cricket and H2O Wireless. Additionally, some records from January 2, 2023, and specific cell phone tower usage were also accessed, potentially allowing hackers to determine the locations of individual phone numbers.
Source of the breach
AT&T identified Snowflake, a third-party cloud storage service, as the source of the breach. Snowflake, also involved in the Ticketmaster data breach in May, has stated that its platform shows no signs of unauthorised access. Despite becoming aware of the breach by late April, AT&T delayed its disclosure until the FBI analysed it to assess potential national security risks.
Preventive measures
While AT&T believes the data has not been publicly released yet, it is wise to take preventive steps to protect yourself and your online presence:
- Screen for scam attempts: With personal information potentially available on the dark web, be cautious when someone contacts you using specific details about you. Always verify the legitimacy of the communication before responding. Use official contact methods to follow up on messages, and seek a second opinion from a trusted friend or family member if unsure.
- Watch for identity theft: Look for signs of identity theft, such as unexpected mail about new accounts or already-filed taxes. If you notice anything suspicious, act promptly to secure your identity.
- Use strong passwords and passkeys: Secure your online accounts with unique, random, and strong passwords. Avoid reusing passwords, especially those containing personal information. A password manager can help you keep track of them.
- Enable two-factor authentication: Adding an extra layer of security to your accounts can prevent unauthorised access, even if someone guesses your password.
- Lock down social media accounts: Avoid publicly sharing your whereabouts and habits to reduce the risk of scams. If you are concerned about the contents of your chats being revealed, consider switching to encrypted forms of communication.
Despite the frequency of data breaches, they have not yet exposed the intimate details of our personal lives. However, given the increasing scope of these breaches, it seems only a matter of time before more sensitive information is revealed without our consent.