AT&T Data Breach Exposes 109 Million Wireless Customers
On July 12, 2024, AT&T revealed a significant data breach affecting approximately 109 million of its wireless customers. The breach was tied to an attack on Snowflake, a third-party cloud service utilized by AT&T, occurring between April 14 and April 25, 2024. While the compromised data included phone call and text message records from May 2022 to January 2023, it notably did not contain the content of those communications or any personally identifiable information (PII) such as Social Security numbers. The attackers reportedly received around $370,000 in Bitcoin to delete the stolen data. The FBI is currently investigating the incident, and AT&T has established resources for affected customers to verify if their data was compromised. This breach underscores the vulnerabilities associated with relying on third-party cloud services and the need for robust data protection measures.
Also In Security Today
- Critical OpenSSH Vulnerability (CVE-2024-6387): A newly discovered flaw in OpenSSH allows unauthenticated remote code execution under specific conditions. Security teams are urged to patch immediately to mitigate this risk. Cognisys
- ServiceNow MID Server Vulnerabilities: Multiple vulnerabilities have been identified in ServiceNow's MID Server components, which could lead to unauthorized code execution. Organizations using these components should prioritize updates. Security Boulevard
- Ransomware Attack on Logistics Firm: A major logistics company suffered a ransomware attack, disrupting operations across several regions. The firm is working with law enforcement and cybersecurity experts to address the incident.
- New Malware Variant Targets IoT Devices: A new variant of malware specifically designed to target IoT devices has been discovered, raising concerns about the security of connected devices in homes and businesses.