The call and text message records of tens of millions of AT&T cell phone customers from 2022 have been exposed in a massive data breach, according to news released by the telecom company on July 12.
According to an ABC News report, AT&T has said an “illegal download” on a third-party cloud platform that it learned about in April was to blame. That happened just as the company was dealing with another unrelated major data leak.
AT&T told CNN that it learned in April that customer data was illegally downloaded from its workspace on Snowflake, which is a third-party cloud platform. The company said it has hired cybersecurity experts and has taken steps to close the “illegal access point.”
It has also stated that it is cooperating with law enforcement’s efforts to apprehend those responsible for this data breach. So far, one person has reportedly been arrested.
What Customer Data Has Been Compromised?
AT&T said the data exposed in this latest breach includes the telephone numbers of nearly all of its cellular customers and the customers of mobile virtual network operators on its network between May 1, 2022 and Oct. 31, 2022. In addition, the records of a small number of customers on Jan. 2, 2023, have also been compromised, company officials said.
AT&T had about 110 million wireless subscribers as of the end of 2022. The data breach also included AT&T landline customers interacting with those cell numbers.
While customer names were not exposed in this incident, the company has acknowledged that publicly available tools can link specific phone numbers to names. Because cell site identification numbers linked to calls and texts were also exposed, such data could disclose the broad geographic location of one or more of the parties.
AT&T said in a statement that at this time, it does not believe the data is publicly available. Current and former customers whose information has been compromised due to this data breach will be notified. The compromised data however does not include personal information such as Social Security numbers or dates of birth.
How Can You Protect Yourself?
According to AT&T, it is contacting customers whose data was compromised during this most recent data breach. Customers can also check the status of their MyAT&T, FirstNet, and business AT&T accounts to see if their data was affected through their account profiles.
If your data has been affected by the breach, you will be able to receive the phone numbers of the compromised calls and texts until December 2024.
You can request this data through your AT&T profile if you are a current customer. AT&T prepaid customers can submit a data request as can prior customers who were with the company during the affected time frame. If you don’t have a case number, you can still submit a legal demand subpoena to the company’s registered agent, CT Corp, for handling and processing, according to AT&T.
The company’s website also urges customers to protect themselves from phishing and scamming. One way to do this is to only open text messages from people you know.
Do not reply to a text from an unknown sender with personal details. Go to a company’s website and look for the “s” after the http in the URL to make sure it is secure. AT&T is also recommending that customers forward suspicious text activity on AT&T’s website. It is a free service that does not count towards any text plan.
Can Corporations Be Held Liable for Data Breaches?
Corporations can be held liable for data breaches, especially if they are found to have failed to adequately protect sensitive information. Liability depends on various factors, including the nature of the breach, the type of data that has been compromised, and the jurisdiction’s legal framework.
In many regions, data protection laws mandate that companies implement robust security measures to safeguard personal data. For instance, the General Data Protection Regulation (GDPR) in the European Union imposes strict requirements on data protection and can levy hefty fines for non-compliance.
Similarly, in the United States, laws like the California Consumer Privacy Act (CCPA) set standards for data security and consumer rights regarding personal information.
When a data breach occurs, corporations may face legal consequences if it is determined that they were negligent in securing data. This negligence could involve inadequate encryption, poor cybersecurity practices, or failure to comply with regulatory standards. Affected individuals or regulatory bodies can sue for damages, seeking compensation for losses or harm resulting from the breach.
Additionally, corporations may face reputational damage, loss of customer trust, and financial losses due to remediation efforts, legal fees, and potential fines. So, it is in a corporation’s best interest to prioritize data security and comply with relevant laws to mitigate the risk of liability in the event of a data breach.
Protecting Yourself from Fraud
Taking immediate action is crucial to minimize or prevent potential damage if your information is involved in a data breach. Begin by identifying what data was exposed. If it includes sensitive information like Social Security numbers, bank account details, or passwords, prioritize these areas first.
Change passwords for affected accounts immediately, and use strong, unique passwords for each account. Consider using a password manager to keep track of them. Enable two-factor authentication wherever possible to add an extra layer of security.
Monitor your financial accounts closely for any unauthorized transactions. Report any suspicious activity to your bank or credit card company immediately. It is also wise to check your credit reports from the major bureaus (Equifax, Experian, and TransUnion) for any signs of fraud or new accounts opened in your name.
Place a fraud alert or credit freeze on your credit report to prevent new accounts from being opened without your consent. A credit freeze is more secure, as it entirely restricts access to your credit report.
Stay vigilant for phishing attempts. Scammers often use data from breaches to craft convincing phishing emails. Be cautious of unsolicited emails or messages requesting personal information.
Consider enrolling in identity theft protection services, which can offer additional monitoring and assistance if your identity is stolen. Last but not least, stay informed about the breach and adhere to any instructions given by the impacted company.
Suppose you have suffered losses due to a data breach caused by a company’s negligence. In that case, it is important that you contact a California data breach lawyer to obtain more information about pursuing your legal rights. You may be entitled to receive compensation for your losses.
Source: https://abc7.com/post/att-cell-customers-call-text-records-exposed-massive/15053467/?s=0
