Four months after a security breach impacted millions of AT&T customers, the company confirmed that a new attacker has stolen “nearly all” of its customers’ data.
AT&T’s website security incident post and disclosure to regulators reveal that the stolen data included phone call and text message records of nearly all of AT&T’s cellular customers from May 1, 2022, to October 31, 2022, and January 2023.
The data also includes other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers.
It has since been alleged that AT&T paid the hackers $370,000 in Bitcoin to delete all the data.
Big corporations continue to suffer breach after breach, and each time they leave the keys in the locks, customers find all their data exposed—and when it comes to phone records, some of it is potentially sensitive.
Despite the regulations designed to stop it and the promises of cloud security, the problem is not going away. Today, Techopedia explores the problem from a technology angle.
It should not be up to customers to “change their passwords”; keeping the hackers at bay should be the duty of the companies that hold the data.
Key Takeaways
- AT&T suffers another massive data breach, exposing hundreds of millions of phone call and text message records of nearly all AT&T cellular customers.
- The data breach originated from a security flaw in Snowflake, a cloud storage provider used by AT&T.
- Leaders should consider alternatives for cloud environments — where data is stored in centralized systems.
- Decentralized cloud may be one option, but the emphasis must be on corporations to do better, not just the customers.
The Snowflake Domino Effect: It’s Always the Cloud that Gets You
The AT&T data affected was exfiltrated from its third-party cloud environment, operated by Snowflake. AT&T is the third company in recent weeks to confirm a security incident in Snowflake’s cloud environment. Other companies affected by the Snowflake breach include Ticketmaster and LendingTree subsidiary QuoteWizard, and about 165 Snowflake customers.
While AT&T works out how to notify around 110 million of its customers to inform them that their phone numbers, calling, text, and location-related data were stolen, those affected are left wondering what to do next. It has become evident that big corporations are having a very hard time protecting user data in cloud and hybrid cloud environments.
Sean Deuby, Principal Technologist at Semperis, an identity-driven security and threat mitigation platform for cross-cloud and AD hybrid environments, spoke to Techopedia about the breach and wider trend.
“The AT&T breach being reported is massive as it appears to be impacting every customer in a five-month period between May and October 2022.
“Unfortunately, other prominent telcos have been caught up in this never-ending breach syndrome that impacts every organization large and small.”
Clyde Williamson, Product Manager at Protegrity, a data-focused security company, spoke about the impacts and consequences that follow from news like this.
“Data breach incidents at this scale are no longer an anomaly — they’re the new normal.”
Williamson explained that the AT&T stolen customer data is now in the hands of threat actors, who can glean whatever inferences they can from the numbers called, how long they were called, the number of times they were called, and more.
“Stolen data has a long tail of impact, not just on the companies, but also on the trust customers place in them.
“Data breaches of increasing impact and size are happening more often, making it critical that organizations rethink their approach to data security and protection.”
Decentralized Clouds: The Big Tech Taboo Word
Given the state of security for cloud environments, what should leading companies do? Is there an alternative to the cloud models being offered and developed today?
The answer is “Yes”, but because it takes power away from single entities and competes directly with the current cloud establishment, the idea has become something of a big tech taboo.
Davi Ottenheimer, VP of Trust & Digital Ethics at Inrupt, a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee, tackled the issue head-on when speaking to Techopedia.
“What can corporations do? I’d like to start with the simplest answer, which is that instead of storing all customer data in any centralized database, AT&T could implement a distributed system.”
Ottenheimer broke down how decentralized web architectures operate. He explained that in these systems each customer would have their own personal data storage.
“It’s not like AT&T customers are forced to share mobile phones. They get their own phone, and they get their own private line with it when they make calls, so why don’t they get their own storage with it as well?”
Decentralized infrastructures can significantly change the security landscape, as an attacker would need to compromise each individual device or asset rather than hauling everyone’s data out of a single centralized database.
“This approach significantly reduces the risk of large-scale data breaches like the one AT&T experienced. And since it’s just an upgrade to existing Web protocols, it doesn’t require much change from existing data architectures.”
While Ottenheimer lays out a decentralized cloud structure where users store their own data, there are countless other decentralized models that operate under the same premise.
From a security perspective, centralized cloud storage — where all the information is stored in one location — looks like an outdated idea when compared with decentralized storage and operations.
The decentralized cloud movement leveraging new technologies like artificial intelligence, machine learning, and blockchain or distributed ledgers is rapidly emerging as a viable alternative.
Startups working with decentralized blockchain environments have recently received $200 million from investors to boost decentralized platform development. This proves that the decentralization of architectures is gaining momentum.
Decentralized cloud storage (DCS) offers a shift from traditional centralized models by distributing data across a network of independent devices. This approach promises several advantages for data security:
- Reduced Attack Surface: Unlike centralized servers, there’s no single point of failure for attackers to target.
- Enhanced User Control: Users retain ownership of their data and control access permissions.
- Improved Privacy: Encryption techniques ensure data remains confidential even on the storage network.
Companies already operating these systems include Filecoin, Siacoin, Storj Labs, Spheron Network, and many others.
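The three advantages listed above rest on one mechanism: data is encrypted under a key the customer holds before it ever reaches the storage network, and the ciphertext is spread over nodes that no single operator controls. The following is an added illustration written for this article, not code from Inrupt, Solid, Filecoin, Sia, Storj or any other project named here. It simulates four independent storage nodes in memory, uses a hash-based keystream as a stand-in for a real AEAD cipher (the stand-in and the sample call records are both constructed), and then shows what an attacker who fully compromises one node actually obtains, compared with compromising a single centralized plaintext table.

```python
import hashlib
import hmac
import json
import os


class StorageNode:
    """Simulated independent storage node (constructed for this example)."""

    def __init__(self, name: str):
        self.name = name
        self.shards = {}  # shard_id -> ciphertext fragment

    def put(self, shard_id: str, blob: bytes) -> None:
        self.shards[shard_id] = blob

    def get(self, shard_id: str) -> bytes:
        return self.shards[shard_id]

    def dump(self) -> dict:
        # Everything an attacker with full read access to this one node obtains.
        return dict(self.shards)


def derive_key(user_secret: bytes, customer_id: str) -> bytes:
    # Per-customer key held by the customer; HMAC-SHA256 stands in for a real KDF.
    return hmac.new(user_secret, customer_id.encode(), hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Illustrative counter-mode keystream from HMAC-SHA256 (XOR twice to decrypt).
    # A real deployment would use an AEAD such as AES-GCM; the point here is only
    # that nodes ever hold ciphertext, never the key.
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)


def store_record(nodes, user_secret: bytes, customer_id: str, record: dict) -> dict:
    """Encrypt one customer's record client-side and spread the ciphertext over
    all nodes. Returns a manifest that the customer keeps, not the provider."""
    key = derive_key(user_secret, customer_id)
    nonce = os.urandom(12)
    ct = keystream_xor(key, nonce, json.dumps(record).encode())
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # integrity tag
    shard_len = -(-len(ct) // len(nodes))  # ceiling division
    manifest = {"nonce": nonce.hex(), "tag": tag.hex(), "shards": []}
    for i, node in enumerate(nodes):
        # Shard ids are hashes, so a node never learns which customer a shard belongs to.
        shard_id = hashlib.sha256(f"{customer_id}:{nonce.hex()}:{i}".encode()).hexdigest()
        node.put(shard_id, ct[i * shard_len:(i + 1) * shard_len])
        manifest["shards"].append((node.name, shard_id))
    return manifest


def fetch_record(nodes_by_name, user_secret: bytes, customer_id: str, manifest: dict) -> dict:
    """Reassemble the shards, verify integrity, then decrypt with the customer's key."""
    key = derive_key(user_secret, customer_id)
    nonce = bytes.fromhex(manifest["nonce"])
    ct = b"".join(nodes_by_name[name].get(sid) for name, sid in manifest["shards"])
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(manifest["tag"])):
        raise ValueError("integrity check failed: a shard was tampered with or is missing")
    return json.loads(keystream_xor(key, nonce, ct))


def leaks_plaintext(blobs, needle: bytes) -> bool:
    return any(needle in blob for blob in blobs)


def demo() -> dict:
    # Constructed sample call-detail records (number called, seconds); 555 numbers are fictional.
    records = {
        "cust-001": {"calls": [["555-0100", 312], ["555-0142", 45]]},
        "cust-002": {"calls": [["555-0177", 60]]},
    }
    # Centralized model: one plaintext table, so one compromise exposes everything.
    centralized = json.dumps(records).encode()

    # Decentralized model: each customer holds their own secret and manifest.
    nodes = [StorageNode(f"node-{i}") for i in range(4)]
    by_name = {n.name: n for n in nodes}
    secrets = {cid: os.urandom(32) for cid in records}
    manifests = {cid: store_record(nodes, secrets[cid], cid, rec) for cid, rec in records.items()}

    # An attacker fully compromises a single node: what do they get?
    stolen = list(nodes[0].dump().values())
    full_len = len(json.dumps(records["cust-001"]))
    return {
        "centralized_leak": leaks_plaintext([centralized], b"555-0100"),
        "single_node_leak": leaks_plaintext(stolen, b"555-0100"),
        "single_node_has_full_record": any(len(b) >= full_len for b in stolen),
        "roundtrip_ok": all(fetch_record(by_name, secrets[c], c, manifests[c]) == records[c] for c in records),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the contrast the list describes: the centralized blob leaks the called numbers outright, while the compromised node yields only ciphertext fragments that are each shorter than a single record, and the legitimate customer still recovers their data because the key and manifest never left their side. The integrity tag is what turns "the node cannot read it" into "the node cannot silently alter it either".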
Doing the Same Thing Over and Over Again and Expecting Different Results
When cybersecurity events hit, exposing the data of millions of customers, a familiar cycle unfolds. Companies scramble to contain the breach, notify affected individuals, and offer credit monitoring services.
Then regulators launch investigations, potentially resulting in fines and penalties.
In the meantime, cybersecurity experts issue warnings and reiterate best practices – strong passwords, multi-factor authentication, and vigilant monitoring. Yet, despite these reactive measures, major data breaches continue to occur with alarming frequency. This repetitive response raises troubling questions.
Nick Hyatt, Director of Threat Intelligence at BlackPoint Cyber, a security company with headquarters in Colorado, U.S., shared with Techopedia ways customers can change this cycle.
“The first thing we should do is stop assuming that corporations will do anything above the bare minimum to protect our data.
“In a perfect world, the impetus would not be on individuals to go to extremes to protect their data, but we don’t live in a perfect world.”
Hyatt added that we also need to pressure legislators to hold companies that suffer massive data breaches liable; “nothing will change until there is a reason for change”.
Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis, an automated, battle-tested cloud security company, told Techopedia that AT&T joined the list of at least 170 other companies who did not have the appropriate configurations in place on Snowflake to prevent attackers from re-using passwords and stealing sensitive data.
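The configuration gap Radolec describes, accounts that accept a reused password with no second factor and no restriction on where logins may come from, is something a defender can audit directly from login records. The following is an added example written for this article, not code from Varonis, Snowflake or AT&T. Its constructed sample rows use the column names of Snowflake's SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view as documented by Snowflake (an assumption of this example; every value, user name and IP address is invented, as is the allow-listed CIDR that stands in for a network policy). It flags successful password-only logins, successful logins from outside the allow-list, and successes that follow a burst of failures from the same source.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample rows. Column names follow Snowflake's
# SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view; all values are invented.
SAMPLE_LOGIN_HISTORY = [
    {"EVENT_TIMESTAMP": "2024-04-10T02:14:05", "USER_NAME": "ETL_SVC",
     "CLIENT_IP": "203.0.113.45", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-04-10T03:01:10", "USER_NAME": "REPORT_RO",
     "CLIENT_IP": "203.0.113.88", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"EVENT_TIMESTAMP": "2024-04-10T03:02:02", "USER_NAME": "REPORT_RO",
     "CLIENT_IP": "203.0.113.88", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"EVENT_TIMESTAMP": "2024-04-10T03:03:15", "USER_NAME": "REPORT_RO",
     "CLIENT_IP": "203.0.113.88", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
    {"EVENT_TIMESTAMP": "2024-04-10T03:04:40", "USER_NAME": "REPORT_RO",
     "CLIENT_IP": "203.0.113.88", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-04-10T09:00:00", "USER_NAME": "ANALYST1",
     "CLIENT_IP": "198.51.100.7", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-04-10T09:15:00", "USER_NAME": "ANALYST2",
     "CLIENT_IP": "198.51.100.9", "FIRST_AUTHENTICATION_FACTOR": "SAML2",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-04-10T22:30:00", "USER_NAME": "ANALYST1",
     "CLIENT_IP": "203.0.113.200", "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", "IS_SUCCESS": "YES"},
]

# Constructed corporate egress range; stands in for a Snowflake network policy allow-list.
ALLOWED_CIDRS = ["198.51.100.0/24"]


def _ts(row: dict) -> datetime:
    return datetime.fromisoformat(row["EVENT_TIMESTAMP"])


def in_allowlist(ip: str, allowed_cidrs) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in allowed_cidrs)


def audit_logins(rows, allowed_cidrs, fail_threshold: int = 3,
                 window: timedelta = timedelta(minutes=30)) -> dict:
    """Return three finding lists from login-history rows (oldest first):
    password-only successes, successes outside the allow-list, and successes
    preceded by at least `fail_threshold` failures from the same user/IP
    within `window` (the pattern credential reuse and guessing leave behind)."""
    rows = sorted(rows, key=_ts)
    password_only, outside, failure_bursts = [], [], []
    recent_failures = {}  # (user, ip) -> timestamps of failed attempts not yet resolved

    for row in rows:
        key = (row["USER_NAME"], row["CLIENT_IP"])
        if row["IS_SUCCESS"] != "YES":
            recent_failures.setdefault(key, []).append(_ts(row))
            continue

        # Password with no second factor: exactly the setup a reused password defeats.
        if row["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD" and not row["SECOND_AUTHENTICATION_FACTOR"]:
            password_only.append(key)

        # Success from an address a network policy would have blocked.
        if not in_allowlist(row["CLIENT_IP"], allowed_cidrs):
            outside.append(key)

        # Success right after a burst of failures from the same source.
        fails = [t for t in recent_failures.pop(key, []) if _ts(row) - t <= window]
        if len(fails) >= fail_threshold:
            failure_bursts.append((key[0], key[1], len(fails)))

    return {
        "password_only_success": password_only,
        "outside_allowlist": outside,
        "failures_before_success": failure_bursts,
    }


if __name__ == "__main__":
    for category, hits in audit_logins(SAMPLE_LOGIN_HISTORY, ALLOWED_CIDRS).items():
        print(category, hits)
```

On the sample rows the service account and the read-only reporting account both surface as password-only logins from outside the corporate range, and the reporting account additionally shows three failures in the minutes before its success. The analyst who logged in from an unexpected address with a second factor is still listed under the allow-list finding, which is the point: MFA and a network policy are separate controls, and the audit reports each gap on its own so both can be closed.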
He advised all customers to do these three things:
- Write to these companies and ask them: “How do you protect my data?”
- Contact your state and federal legislative representatives and demand stronger protections for personal data and harsher penalties for those who abuse it.
- Write to Snowflake and demand that they take the security of the data that their customers put in Snowflake more seriously!
The Bottom Line: Never Store All Your Eggs in One Basket
A more proactive approach from customers is definitely needed to turn the tide around.
However, companies should also consider radical new structures that can better protect modern digital operations.
Centralized systems offer many economic benefits but focus all resources and power in a single interconnected environment.
Decentralized cloud infrastructures are complex to implement and come with a steep learning curve; however, they spread the target across many independent assets, which significantly deters attackers.
Given the current global threat landscape and cloud vulnerabilities, a drastic shift is needed, and decentralized clouds could well be the solution.
References
- Unlawful Access of Customer Data – AT&T Bill & account Customer Support (Att)
- AT&T Inc., Form 8-K (SEC)
- Sean Deuby (Linkedin)
- Semperis – Active Directory – AD Security and Recovery Solutions (Semperis)
- Clyde Williamson (Linkedin)
- AI-POWERED DATA SECURITY DESIGNED FOR DATA CONSUMPTION (Protegrity)
- Harness the web as a data platform for everyone (Inrupt)
- A Decentralized Storage Network for the World’s Information (Filecoin)
- Sia – Decentralized data storage (Sia)
- Smarter cloud storage for your business (Storj)
- Nick Hyatt (Linkedin)
- See Clearly with Blackpoint Cyber (Blackpointcyber)
- Matthew Radolec (Linkedin)
- Stop data breaches automatically (Varonis)