AT&T Data Breach Update

Steve Gibson relays the newest details from the AT&T Data Breach

As contract negotiations grind to a halt between AT&T and its union employees of Communications Workers of America, AT&T would like its customers to believe business will continue as usual if a prolonged strike occurs. This could not be farther from the truth. AT&T has broken trust with the public by using poor online safety and security protocols.

In the video above, Steve Gibson (founder of Gibson Research Corporation and renowned computer security expert) reviews an article from Bleeping Computer, that was released on April 10, 2024.

The article states that “AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained.” Gibson says that AT&T has denied the hack even happened for up to 3 years.

Once affected AT&T customers were notified that their information had been stolen, AT&T released a statement saying,

“The [exposed] information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode,” reads the notification. “To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier.”

But at least hackers didn’t steal your call history, right?! In the Security Now clip above, Gibson explains that the credentials that were stolen is everything needed for an imposter to open a line of credit your name. To make matters worse, Bleeping Computer reports:

“Considering that the data was stolen in 2021, cybercriminals have had ample opportunity to exploit the dataset and launch targeted attacks against exposed AT&T customers. However, the dataset has now been leaked to the broader cybercrime community, exponentially increasing the risk for former and current AT&T customers.”

AT&T has had their critical customer personal information floating out in the wild for over 3 years. If you have been part of this data leak, your risk of identity theft is elevated significantly.

Gibson goes on to encourage listeners to freeze their credit reports and keep them frozen until absolutely needed. He directs people to an Investopedia article entitled “How To Freeze and Unfreeze Your Credit” that gives detailed instructions on how to protect yourself from identity theft.

A credit freeze or security freeze allows you to restrict access to your credit reports. Freezing your credit can help prevent identity thieves from applying for new credit in your name if that requires a hard inquiry of your credit reports.

“Freezing your credit doesn’t mean your credit history is completely off-limits to everyone, however. Any companies that you have an existing credit relationship with will still be able to see your credit history even with a freeze in place. And government agencies executing a court order or search warrant will also be able to access your credit file.”

The United States government also has a website that details these instructions.

How does all of this apply to AT&T and its union employees who might be striking very soon? AT&T is openly showing its disdain and lack of loyalty to its customers by not disclosing this data breach in a timely manner, just as AT&T is openly showing disdain and lack of loyalty to the thousands of employees who make this network actually work.

Please support CWA and its members as we fight for a fair contract in 2024.