AT&T is Protected against Cyberattacks: Evergreen Advice for Cybercriminalists and the Victims of a Third-Party Cloud Platform
The threat actor accessed the information through AT&T account on a third-party cloud platform, similar to the data breeches that have affected other companies, according to Alex Byers. AT&T first learned of the breach in April, but as reported by TechCrunch, an FBI spokesperson confirmed “AT&T, the FBI and the Department of Justice agreed to delay notifying the public and customers on two occasions, citing ‘potential risks to national security and/or public safety.’”
The data downloaded does not include calls or texts. It doesn’t have the time stamps for the calls or texts. Social Security numbers, dates of birth, or other personally identifiable information are not included in the data.
While the data doesn’t include customer names, there are ways to find a specific telephone number using publicly available online tools.
In a regulatory filing, the telecommunications company said it thinks the data is out of public view.
The company wrote that it first learned of the incident in April, but the U.S. Justice Department determined in May and again in June that “a delay in providing public disclosure was warranted” until now.
The records show the total call durations, calls and texts for specific days and months, as well as the other telephone numbers which affected customers interacted with.
The company has set up a website where current and former customers can check to see whether their information was involved.
And for those concerned about potential phishing and online fraud, it offers some evergreen advice, including not replying to a text from an unknown sender with personal details and making sure websites are secure by looking for the “s” after “http” in the address.
If customers suspect that they have been the victim of fraud, they should forward the message to AT&T and report it to its team.
How to Reset Passwords in the Dark Web: An Analysis of a Database of 70 Million User Account Holders on The “Dark Web”
In March it disclosed that it had reset passwords for 7.6 million users after finding a database on the “dark web” containing Social Security numbers and other personal information of 70 million account holders.