AT&T Alerts 9 Million Customers of Data Breach Following Vendor Hack

  • Written by Ari Denial Cybersecurity & Tech Writer

AT&T has revealed that an unauthorized individual accessed the Customer Proprietary Network Information (CPNI) of approximately 9 million wireless customers via a vendor’s system. The affected customers are being notified by AT&T of the data breach.

The company has disclosed that the CPNI of some wireless accounts was exposed in the breach, including details such as the number of lines on an account or wireless rate plan.

It has been clarified that the exposed information did not include sensitive personal data such as Social Security Numbers, credit card information, or account passwords.

The exposed CPNI data reportedly includes the first names of customers, email addresses, wireless phone numbers, and wireless account numbers.

According to AT&T, a small percentage of affected customers also had their rate plan name, monthly payment amount, past due amount, various monthly charges, and minutes used exposed in the breach. The company has stated that the exposed information was several years old.

AT&T’s own systems were not directly compromised in the vendor security incident that led to the data breach. The company clarified that the exposed data is mostly associated with device upgrade eligibility.

AT&T has stated that it has notified federal law enforcement agencies about the unauthorized access of its customers’ CPNI data, as required by the Federal Communications Commission. The company has also informed the affected customers about the breach through CPNI breach notification letters.

AT&T is advising its customers to toggle off CPNI data sharing on their accounts to reduce exposure risks in the future. Customers can make a CPNI Restriction Request to limit the sharing of their CPNI data for third-party vendor marketing purposes. This will help prevent unauthorized access to their data through third-party vendors in the future.

Microsoft Warns: Business Email Compromise Attacks Can Happen in Just a Few Hours

  • Written by Ari Denial Cybersecurity & Tech Writer

Microsoft’s Security Intelligence team recently conducted an investigation revealing that threat actors conducting Business Email Compromise (BEC) attacks are operating at a faster pace. The study showed that the entire BEC attack process can now be executed within a few hours, likely aimed at reducing the chances of the victims detecting the attack and taking the necessary measures promptly.

The swift progression of these attacks ensures that targets have limited time to identify signs of fraud and take appropriate measures to prevent them.

In the attack Microsoft examined, the attacker gained access to the victim’s account and spent two hours scouring the mailbox for suitable email threads to hijack.

Hijacking email threads is an effective technique as it makes the fraudulent message appear like a continuation of a legitimate communication exchange, leading the recipients to trust it more.

Subsequently, the attacker registered deceptive domains by using homoglyph characters to make them look nearly identical to the websites of the target organization and the impersonated partner. Within five minutes, the attacker set up an inbox rule to divert emails from the impersonated partner organization to a designated folder.

Within the following minute, the attacker sent a malicious email to the business partner, requesting a wire transfer instruction change and promptly deleted the sent message to minimize the chances of the compromised user discovering the breach.

The entire process, from the initial sign-in to the deletion of the sent email, took a total of 127 minutes, indicating a sense of urgency on the attacker’s part.
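The same sequence can be hunted for in mailbox audit data. The following is an added example, not code from Microsoft or from the original article: the event schema, field names, users, domains and timestamps are constructed for illustration, and the two time windows are assumptions to tune per environment.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema (not a real
# audit-log export). Timestamps are invented to span 127 minutes, as above.
EVENTS = [
    {"t": "2023-03-01T09:00:00", "user": "alice", "type": "sign_in"},
    {"t": "2023-03-01T11:05:00", "user": "alice", "type": "inbox_rule_created",
     "from_domain": "partner.example", "action": "move_to_folder"},
    {"t": "2023-03-01T11:06:00", "user": "alice", "type": "mail_sent",
     "msg": "m1", "to_domain": "partner.example"},
    {"t": "2023-03-01T11:07:00", "user": "alice", "type": "sent_item_deleted",
     "msg": "m1"},
    # Benign contrast: a filing rule and a later mail that is never deleted.
    {"t": "2023-03-01T10:00:00", "user": "bob", "type": "inbox_rule_created",
     "from_domain": "news.example", "action": "move_to_folder"},
    {"t": "2023-03-01T10:20:00", "user": "bob", "type": "mail_sent",
     "msg": "m2", "to_domain": "news.example"},
]
HIDE_ACTIONS = {"move_to_folder", "delete"}  # rule actions that hide replies

def find_bec_chains(events, rule_to_send=timedelta(minutes=30),
                    send_to_delete=timedelta(minutes=10)):
    """Flag: rule hiding mail from a domain -> mail sent to that domain ->
    that sent item deleted, all by one user inside the given windows."""
    by_user = {}
    for e in sorted(events, key=lambda e: e["t"]):
        parsed = dict(e, t=datetime.fromisoformat(e["t"]))
        by_user.setdefault(e["user"], []).append(parsed)
    alerts = []
    for user, evs in by_user.items():
        rules = [e for e in evs if e["type"] == "inbox_rule_created"
                 and e["action"] in HIDE_ACTIONS]
        for rule in rules:
            for sent in evs:
                if (sent["type"] != "mail_sent"
                        or sent["to_domain"] != rule["from_domain"]
                        or not timedelta(0) <= sent["t"] - rule["t"] <= rule_to_send):
                    continue
                deleted = next((d for d in evs if d["type"] == "sent_item_deleted"
                                and d["msg"] == sent["msg"]
                                and timedelta(0) <= d["t"] - sent["t"] <= send_to_delete), None)
                if deleted is None:
                    continue
                # Dwell time: last sign-in before the rule, up to the deletion.
                logins = [s["t"] for s in evs if s["type"] == "sign_in" and s["t"] <= rule["t"]]
                dwell = int((deleted["t"] - logins[-1]).total_seconds() // 60) if logins else None
                alerts.append({"user": user, "domain": rule["from_domain"],
                               "msg": sent["msg"], "dwell_minutes": dwell})
    return alerts
```

On the constructed events, only the first user's rule, send and delete chain is flagged; the second user's filing rule is not, because the sent message is never deleted.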

According to Microsoft, their testing and evaluation of BEC detections and responses in customer environments, when faced with real-world attack scenarios, demonstrated that dozens of organizations had better protection when accounts were automatically disabled by Microsoft 365 Defender.

Microsoft states that their new automatic disruption capabilities provide the SOC team with complete control to investigate all actions taken by Microsoft 365 Defender, and if necessary, remediate any remaining impacted assets.