AT&T’s 2023 breach exposed data that should have been deleted

Hotstar in UAE
Hotstar in UAE

In terms of cybersecurity, 2024 has been especially unfortunate for AT&T. Agencies like the SEC and the carrier itself confirmed some data breach incidents that affected millions of customers’ data. Now, the FCC says that AT&T could have prevented one of the customer data leaks related to the hack of its cloud vendor, but it didn’t.

AT&T got a $13 million fine for a 2023 data breach related to a cloud vendor

In April of this year, AT&T found that a team of hackers breached the security of one of its cloud vendors and disclosed it publicly. The hackers were able to download millions of the carrier’s customers’ call and text records. The mobile carrier now faces a $13 million fine for its failure to protect the data. Furthermore, the government agency revealed more details regarding the incident

The name of the cloud vendor whose security was breached is not known, as the FCC’s public report refers to it as “Vendor X.” According to the report, AT&T gave “Vendor X” access to customer data from 2015 to 2017 to create personalized videos related to billing and marketing. A clause in the deal stated that the data must be “securely destroyed or deleted” by 2018. However, neither AT&T nor the cloud vendor guaranteed the destruction of the data.

The data breach originated in early 2023, several years after the 2018 deadline. So, basically, the hackers had access to information that was supposed to be destroyed years ago. The FCC revealed that the hacking team managed to download data from about 8.9 million AT&T wireless customers.

It was forced to establish new procedures for handling customer data

AT&T’s failure to take appropriate action represented a violation of data protection laws that all carriers must follow. As a result, the company was fined $13 million and forced to establish new methods for managing customer information. The monetary fine is “symbolic” considering the company’s billion-dollar profits. Investing in new security systems and procedures will likely cost more.

Fortunately, the hackers did not access extremely sensitive data such as social security or credit card numbers. However, it is surprising that AT&T left the security of millions of customers’ data in the air. This year, AT&T confirmed a separate data breach involving Snowflake, another cloud provider. This hack was especially severe, affecting call and SMS records from May to October 2022 from “nearly all” AT&T customers.

2024-09-21 15:07:11