Lessons from the AT&T Data Breach

Fortis Cyber Solutions is committed to informing you about cybersecurity threats to help you stay aware. Recently, AT&T experienced a significant data breach, and we want to share the details to help you protect your information. This incident did not involve Fortis Cyber Solution’s systems or services. However, there is much to learn from this and other recent data breaches.

Incident Overview

AT&T recently disclosed a significant data breach involving the theft of call and text message logs from their workspace, managed by their vendor, Snowflake. This breach affected approximately 109 million AT&T cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s network, and even AT&T landline customers who interacted with those cellular numbers. The compromised data includes records from May 1, 2022, to October 31, 2022, and a smaller subset from January 2, 2023.

Data Centralization Risks

This incident underscores the risks associated with data centralization. When vast amounts of sensitive data are stored in a single location, they become a prime target for cybercriminals. The AT&T breach highlights the critical need for robust security measures and decentralized data storage solutions to mitigate such risks. At Fortis Cyber Solutions, we advocate for distributed data storage and regular security audits to prevent similar incidents.

Potential Risks

While the content of calls and texts was not compromised, the stolen metadata includes telephone numbers and details about the interactions. Scammers can use this information to impersonate trusted individuals and trick you into divulging personal information. For instance, attackers might manipulate Caller ID information to make it look like a trusted contact is calling or texting you, thereby deceiving you into providing sensitive information or money by pretending to be someone you know.

Protective Measures

To safeguard yourself and your organization from potential scams resulting from this incident, we recommend the following:

• Be cautious of Caller ID information. Caller IDs can be easily spoofed, so do not rely solely on them to verify a caller’s identity.
• Verify sensitive requests. If you receive a call or text asking for money, passwords, or other confidential information, hang up and call back using a number for the requestor you know to be genuine. Consider using secure communication methods, such as encrypted messaging apps like Signal, when doing so.
• Be wary of requests for personal information. Legitimate organizations will not ask for personal, account, or credit card details via text or call.
• Ignore texts from unfamiliar senders. Refrain from responding to or clicking on links in texts from unknown numbers.
• Stay updated. Regularly check for updates and advice from trusted sources, such as the Federal Communications Commission (FCC) and your mobile provider, about avoiding fraud and scams.

Our Commitment

At Fortis Cyber Solutions, we invest heavily in delivering highly secure products, services, and 24/7 system monitoring. This commitment includes keeping you informed about potential security threats.

Don’t hesitate to reach out to speak with one of our experienced experts or set up a free cybersecurity assessment.

---

This article is for informational purposes only and should not be taken as legal or investment advice. For a professional opinion on cybersecurity and your information technology systems, we recommend that you schedule a call with one of our experts or any trusted cybersecurity professional.