On July 12, 2024, AT&T announced the records of calls and text messages of almost all AT&T cellular customers were compromised via a third-party cloud platform. According to a statement made by AT&T, the compromised data does not contain the content of the calls and text messages. It also does not contain personally identifiable information such as Social Security numbers, dates of birth or customer names. At this time, AT&T states there is no indication that the compromised data is publicly available. 

Although AT&T states that personally identifiable information was not leaked, organizations are still encouraged to be vigilant against mobile threats. Kern Smith, Vice President, Americas, at Zimperium states, “Mobile devices are one of the primary targets for attackers to compromise credentials, through either phishing, malware, network or device exploits attacks and are often overlooked by companies as part of their overall security strategy. It is important that organizations ensure that both they and their vendors have appropriate security tooling in place to prevent credential compromises which can be leveraged downstream for larger attacks and breaches. As part of a comprehensive security strategy, organizations must ensure that both they and their vendor’s mobile devices are protected from these attacks.” 

How might this stolen data be used? 

The compromised data could lead to further privacy violations. Javvad Malik, Lead Security Awareness Advocate at KnowBe4, states, “It is deeply concerning that an organization of AT&T’s stature and resources failed to detect such a massive breach for an extended period. The fact that the breach continued into early 2023 and affected not only AT&T’s direct customers but also those from other carriers using AT&T’s network, underscores the far-reaching consequences of such incidents.

“The inclusion of cell site identification numbers in the stolen data is particularly alarming, as it could potentially allow for the triangulation of users’ locations. This adds a physical dimension to the already extensive privacy violation and could expose individuals to highly targeted and convincing social engineering attacks, not to mention compromising the physical security of individuals, such as those trying to escape abusive relationships. The stolen metadata, while perhaps not immediately recognized as sensitive, can paint a detailed picture of an individual’s daily life, habits and associations, making it a valuable asset for those with malicious intent.

“The long-term impact of this breach cannot be overstated. The exposed data could be exploited for sophisticated phishing attempts, identity theft and other nefarious activities for years to come. It is a stark reminder that the repercussions of a data breach extend far beyond the initial incident and can have lasting consequences for the affected individuals.

“As the full extent of the breach continues to unfold, it serves as a wake-up call for both organizations and individuals. Organizations must priorities cybersecurity and implement stringent measures to detect and prevent such incidents. Consumers, on the other hand, must become increasingly vigilant about their digital footprint and take steps to protect their personal information.

“Complacency is not an option. Continuous education, robust security practices and a collective commitment to data protection are essential to protect against cybercrime. Only through a concerted effort can we hope to build a more secure digital future.”

How can organizations respond? 

As more details are released about this breach, impacted organizations and individuals can act more accordingly. However, in the meantime, those affected can take steps to further secure sensitive information. 

Darren Guccione, CEO and Co-Founder at Keeper Security, advises says, “AT&T’s latest announcement revealing another major data breach is a painful, second blow to the millions of customers who have already lost trust after having their private information exposed by the company earlier this year. Although the leaked phone records do not contain the contents of calls and text messages, they do provide records of who customers interacted with, and some include identification numbers that could help bad actors determine where calls were made and texts were sent. 

“The disclosure of this information — following the leak of Social Security numbers, names, email and mailing addresses, phone numbers, dates of birth, account numbers and passcodes — is a clear violation of personal privacy and trust. These massive breaches, affecting millions of customers, underscore the persistent and evolving threats to digital security, and why everyone must take concrete, proactive steps to safeguard their own sensitive information. 

“Although the information in AT&T’s latest breach is less sensitive than the personal details leaked in the prior breach, customers affected by either of these breaches should take the following steps to protect their identity:

• Change the password and passcode for your AT&T account immediately. A password manager can generate strong and unique passwords for every account.
• Enable Multi-Factor Authentication (MFA) to add an extra layer of security that makes it more difficult for cybercriminals to access your accounts.
• Monitor your accounts for suspicious activity including strange transactions, unrecognized login attempts and sign-ins from unknown devices.
• Sign up for a dark web monitoring service so you can be notified immediately if your information has been compromised.
• Freeze your credit to prevent lenders from approving new loans or credit lines in your name. You can unfreeze it at any time. 

“This breach is also a wakeup call for organizations to reevaluate their cybersecurity strategies, emphasizing proactive measures over reactive responses. As cyber threats evolve, organizations must prioritize protecting customer data. Today, identity applications require both authentication and end-to-end encryption to provide robust cybersecurity protection. Cybersecurity technologies protecting these environments must cover every user, on every device, from every location. 

“Data shows the human element is far more difficult to protect, and often, the most error-prone element of the attack chain, therefore, organizations should focus on implementing zero-trust security architecture and a policy of least-access to prevent unauthorized privilege escalation and ensure strict enforcement of user access roles. A Privileged Access Management (PAM) platform is essential for managing and securing privileged credentials, ensuring least privilege access and preventing lateral movement in the event of a breach.

“Robust threat intelligence, continuous monitoring and rapid incident response are also critical. Companies should have security event monitoring to detect and analyze privilege escalations, enabling the detection and blocking of anomalous behavior.”