• February 16, 2023

A Brief History of AT&T Breaches

AT&T, one of the largest telecommunications companies in the United States, has faced several data breaches over the years. These incidents have exposed the personal information of millions of customers, making them potential targets for cybercriminals. In the most recent breach, personal data such as Social Security numbers, birthdates, contact information, and even phone records were compromised, although certain critical data remained secure.

What Was Stolen in the Last Breach?

In the latest breach, the following types of data were stolen:

  • Customer Names: Full names of account holders.
  • Contact Numbers: Phone numbers linked to the accounts.
  • Physical Addresses: Home addresses provided for billing and service purposes.
  • Social Security Numbers: Unique identifiers used for identification and credit checks.
  • Date of Birth: Personal identifiers critical for various verification processes.
  • Phone Records: Call logs, including numbers called, duration, and time of calls.
  • Text Messages: Contents and metadata of text messages sent and received.

What Was Not Available in the Most Recent Breach?

It’s important to note that some highly sensitive information was not compromised in the latest breach. This includes:

  • Credit Card Information: Payment card details were not accessed.
  • Bank Account Details: Banking information remained secure.
  • Passwords and PINs: Login credentials and PINs were not leaked.

While this might provide some relief, the data that was stolen can still be used in various malicious ways.

How Threat Actors Can Use the Stolen Data:

Threat actors can use the data from the AT&T breach in multiple ways to harm individuals. Here’s how they might combine this data with information from other breaches to target you:

  • Phishing and Vishing Attacks:
    • With your contact details and personal information, cybercriminals can create highly convincing phishing emails or text messages (known as vishing when done over phone calls). These messages might appear to come from legitimate sources, tricking you into providing additional sensitive information like login credentials or financial details.
  • Identity Theft:
    • The combination of your Social Security number, birthdate, and address can be used to commit identity theft. Criminals can open new credit accounts, apply for loans, or engage in other fraudulent activities in your name.
  • Credential Stuffing:
    • Even though passwords weren’t stolen in this breach, many people reuse passwords across multiple sites. Cybercriminals can use the information they have to try and access your other accounts. For example, if your email address was leaked in another breach, they might try to use the same password to access your email account.
  • Social Engineering:
    • With detailed personal information, attackers can craft sophisticated social engineering attacks. By knowing your full name, address, and other personal details, they can pose as trusted entities to extract more information from you or your acquaintances.
  • Account Takeovers:
    • The stolen data can be used to answer security questions on various accounts, allowing attackers to take over those accounts. They can reset your passwords and lock you out of your own accounts.
  • Combining Data from Multiple Breaches:
    • When combined with data from other breaches, the stolen information can provide a comprehensive profile of the victim. This makes it easier for attackers to conduct more effective and targeted attacks. For example, if another breach exposed your email and password, attackers can cross-reference this with your phone number and address from the AT&T breach to build a complete profile.
  • Exploiting Phone and Text Records:
    • Access to your phone and text records can be particularly invasive. Attackers can identify patterns, personal contacts, and sensitive conversations, which can be used for blackmail, further phishing attacks, or to gather more intelligence on you.

Protecting Yourself

To protect yourself from the potential fallout of the AT&T breach, consider the following steps:

  • Monitor Your Accounts: Regularly check your bank and credit accounts for any suspicious activity.
  • Enable Two-Factor Authentication (2FA): Use 2FA on all accounts that offer it to add an extra layer of security.
  • Be Skeptical of Unexpected Contacts: Be wary of unsolicited emails, texts, or calls asking for personal information.
  • Use Strong, Unique Passwords: Ensure your passwords are strong and unique for each account, and consider using a password manager.
  • Check Your Credit Reports: Regularly review your credit reports for any unauthorized activity.

By understanding the risks and taking proactive measures, you can better protect yourself against the misuse of your personal information.

The screenshot shows the information that is available to the threat actors on my personal email account. You can check your email address using the following link. This is a free service from Malwarebytes that is still in beta, but it will give you an idea on what info about your account the threat actors are using.

Digital Footprint Portal | Malwarebytes

Share to social media:

LinkedIn

Leave A Comment

Fields (*) Mark are Required

Recent Posts

Real world Scam – you must watch this!
February 16, 2023
Update on the AT&T Data Breach and How It Can Affect You
February 16, 2023
Locking Down Your Facebook Account
February 16, 2023

Archives

Popular Tag

Enguard, LLC – TM 2024. All Rights Reserved

Linkedin Instagram X-twitter

Contact Us

Terms of Service

Privacy Policy

John Mancuso, COO
Mancuso leveraged his extensive experience in technology and finance and founded LHH Consultants in 2023, providing consulting and incubating startup solutions, including EnGuard Cyber Security. Additionally, LHH has senior consulting roles in cryptocurrency mining, a CPG startup & an energy venture. While heading Stovell AI US sales, he grew revenue 15x and created new business lines in Central Risk Book solutions and Prime Broker services (Where he remains as a consultant). Prior, John was a 24-year veteran on Wall Street with both head-of-desk & leadership roles at Nomura/Instinet, JP Morgan, Jefferies & Deutsche Bank across high-touch services, electronic execution, Swaps, and Delta One.
Chris Terrell, President
Terrell had a 30 year career in Telecom and IT, in sales and sales management, before starting his own business in 2008 as a communications broker and consultant. The business grew to $1M+ in annual revenue with 6 employees and won numerous awards for growth and innovation within the Telecom Channel Community. In 2022, Chris sold his company and began to work on the Enguard Cyber Security foundation.
Henry Frith, CTO
Frith’s career with computers and data security began during his service in the U.S. Army, where he specialized in Encryption and Secure Communications. Presently, he is a Certified Information Systems Security Professional (CISSP) with over forty years of experience in the computer field, specializing in computer security as a Cybersecurity Engineer. Henry worked for prominent security companies such as Sophos, PGP, Symantec, Proofpoint, and McAfee, as well as several smaller vendors and startups before joining the Engaurd team.
George Acker, CEO
Acker is a seasoned executive leader with a 24-year track record of driving revenue growth and developing effective go-to-market strategies within the high-net-worth individual sectors with Bluedane Cyber and Airvel, as well as corporate cybersecurity solutions with Catalyst Solutions, Votiro, and Bandura Cyber. His dynamic leadership has resulted in significant revenue increases, successful business unit launches, and strategic exits. With cross-functional experience in corporate and personal cybersecurity prevention, protection, and remediation, coupled with strategic planning and start-up business development acumen, George is poised to lead the development and execution of Enguard's initiatives.
24/7 Protection, Customized for You
High-net-worth individuals need more than just security—they need seamless, hands-off protection that adapts to their lifestyle. Enguard’s concierge-level cybersecurity service ensures your digital safety with custom risk profiles and ongoing security reviews.
Your Digital Identity, Fully Secured
Cybercriminals target high-net-worth individuals through identity theft, financial fraud, and unauthorized data exposure. Enguard implements multi-layered privacy protection to keep your sensitive information secure.
Stay Ahead of Cyber Threats, Before They Strike
In today’s digital world, cyber threats evolve rapidly. Enguard’s real-time monitoring and rapid response system proactively identifies, isolates, and neutralizes cyber threats before they can impact you.
Uncover Hidden Risks, Strengthen Your Digital Defenses
Every individual has a unique digital footprint, and cybercriminals know how to exploit vulnerabilities. Enguard conducts a comprehensive security assessment to analyze weaknesses in your personal networks, devices, and data exposure.