Last May we reported that giant online retail platform eBay got hacked into and lost personal data belonging to over 145 million users. The news stroke like lightning, as it was one of the biggest, most astute security breaches we came to stumble upon this year. However, in either eBay’s or Spotify’s cyber attack cases the users weren’t robbed of their financial data or highly sensitive personal information.
Unfortunately, the recently – reported AT&T security breach led to hackers getting their hands on the social security numbers and birth dates of a large pool of AT&T customers.
The news came as a shock on Friday, not because somebody actually tried and manage to steal AT&T users’ personal data but because of two main reasons:
1. The hacking scheme took place in April and it lasted two weeks.
2. It was an inside job executed by three employees of one of AT&T’s vendors.
There are a lot of pieces missing out of this puzzle: the company alerted the authorities only recently and it didn’t disclose the exact number of cyber – attacked AT&T users. There is also little information so far related to the three hackers, their whereabouts, their status (arrested or on the run trying to fraud into your banking details as we speak) or to why the company waited for almost two months before stirring the waters publicly.
However, there are official statements suggesting the company is trying to solve things out:
AT&T apparently contacted customers who have been affected via snail mail, with the carrier saying it will offer them one year of credit monitoring services free of charge. AT&T is also advising them to immediately change the passwords of their accounts.
If you are an AT&T customer, we cannot emphasize enough the importance of all cyber – attacked AT&T users to change their security filters and keep their eyes peeled to notice the slightest malevolent activity related to their credit cards, banking accounts and money transactions. It seems that the operation was elaborated in detail and it doesn’t involve direct financial hacking aimed to the users:
AT&T believes that the attackers were seeking to sell stolen AT&T phones on second-hand markets and hacked the AT&T database in order to get “unlock codes” for the phones, which would let the thieves disconnect the stolen phones from the AT&T network, thus letting the phones reconnect to other mobile networks. This makes the phone far more valuable in secondhand markets. The good news is, if the criminals are truly most interested in unlocking stolen phones, then only stolen phones are at risk. But because social security numbers were included as well, users should take steps to protect their identity, such as placing an alert on their credit report to watch for fraud.
Because we always say it is better to be safe than sorry, check your emails and full – proof your identity and money.