AT&T data breach: experts call for enhanced security and vigilance

A recently disclosed data breach at telecommunications giant AT&T has become a significant point of concern for both the industry and its customers. The breach, which spanned five months from May to October 2022, has reportedly impacted all AT&T customers within that period. The magnitude of this breach has garnered expert commentary and sparked discussions on the importance of robust cybersecurity measures.

Sean Deuby, Principal Technologist at Semperis, weighed in on the incident: "The AT&T breach is massive as it appears to be impacting every customer in a five-month period." He noted that while AT&T has reassured customers that highly sensitive information such as social security numbers and time stamps were not compromised, the incident is part of a larger, troubling trend of breaches affecting organisations both big and small.

Deuby highlighted the persistent nature of threat actors who target critical infrastructure in sectors such as telecommunications and healthcare. "Persistent threat actors are successfully targeting these organisations, looking for gaps in their security architecture until they find a weak spot and steal whatever they want," he said. These attackers often compromise identity systems like Microsoft’s Active Directory or Entra ID, providing them with access to a wealth of sensitive information on employees, customers, and business strategies.

One of Deuby's key takeaways was the importance of adopting an assumed breach mindset. He asserted that organisations need to develop robust backup and recovery plans as a vital part of operational resiliency. "Preparing in peacetime is the key: in cases of ransomware, if you find out about the attack because you've received a ransom note, it's too late," he emphasised. Deuby urged companies to prioritise and rehearse their cybersecurity measures just as they do with scheduled systems maintenance.

Adding to the conversation, Todd Moore, Thales' Global Lead for Data Security, stressed the fundamental necessity of compliance with cybersecurity standards. "Compliance with cybersecurity standards is not just a regulatory requirement but a fundamental necessity for safeguarding sensitive data. Our recent Data Threat Report found that companies failing compliance checks were ten times more likely to suffer a data breach than those who passed," Moore remarked.

Moore elaborated on the need for strong encryption, regular software updates, multi-factor authentication (MFA), and an identity and access management system to mitigate the risk of breaches. He also mentioned the critical role of ongoing behavioural or posture monitoring to detect non-compliant, risky, or suspicious data access behaviour, thus defending against intrusions. This proactive stance, he argued, should be an integral part of a broader security-in-depth strategy.

For consumers affected by the AT&T breach, Moore offered several actionable steps. He advised impacted individuals to change their passwords immediately, enable two-factor authentication (2FA) for added security, and monitor their accounts for any unusual activities. Additionally, notifying relevant financial institutions and ensuring devices and software are updated with the latest security patches are crucial measures to mitigate further risks. "Check your email for signs of unauthorised access and secure your email account," he added.