Data breach hits keep on coming this year
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Allie Carl/Axios
The latest AT&T breach is just the cherry on top of a record-setting year for data breaches.
Why it matters: Phone records, health care data, financial records and other highly sensitive information are each at risk due to this year's deluge of data breaches.
Driving the news: AT&T is just the latest major corporation to disclose a massive data breach so far this year.
- The company said in an SEC filing and blog post Friday that hackers stole phone call and text message information of "nearly all of AT&T cellular customers" from between May 2022 and October 2022, as well as on Jan. 2, 2023, in a recent intrusion.
- The affected information doesn't include precise details about when a customer called and messaged someone or what was discussed in that conversation.
- It does include details about how many times each customer contacted specific phone numbers, AT&T revealed.
- The company is working with the FBI to investigate the breach, which it said happened sometime in April.
The big picture: At least 1 billion records have already been stolen or accessed in data breaches this year, according to TechCrunch.
- As many as 1 in 3 Americans may have been affected by a ransomware attack on Change Healthcare this year — and the long-term effects of this breach are still unclear, as Axios' Tina Reed reports.
- At least 165 organizations — including AT&T — may have had their data exposed, such as customer information, as part of a recent incident involving cloud computing company Snowflake.
- A hacker also published records on the dark web in March tied to 73 million current and former AT&T customers that were stolen during another attack.
Between the lines: It's easy for hackers to break into corporate networks — in part because corporations have so many potential points of entry to safeguard.
- One misstep or mistake can give a malicious attacker a way into a cloud storage site.
Threat level: Stolen records could help fuel phishing emails and identity theft, including fraudulent purchases. And they can help hackers access other corporate networks with more high-value information — especially if employees are reusing passwords.
- The more sensitive the stolen information is, the more incentive companies have to pay the hackers off.
- News reports suggest AT&T may have paid hackers $370,000 to prevent the publication of information stolen in the most recent breach. (AT&T declined to comment on the reports.)
What's next: Victims have already filed class-action lawsuits against AT&T and others in the wake of the recent data breaches.
The bottom line: Consumers aren't helpless following a data breach. Enabling multifactor authentication and using a password manager to create and store unique passwords can help offset the impacts of a single breach.
- AT&T said it will notify customers affected by the most recent incident.
- As of Monday, the company did not believe the most recently stolen data had been published online anywhere.
