In a required regulatory filing AT&T recently disclosed that it had suffered a significant data breach affecting pretty much all of its 109 million customers.  The data breach was not of AT&T’s computers, but rather of the cloud data provider Snowflake where AT&T stored data.   AT&T is not alone in being affected by the hack of Snowflake.  Other companies whose customer data stored through Snowflake  was stolen include Allstate, State Farm and Santander bank.  All in all 160 companies storing data through Snowflake have been affected by data breaches.

The data stolen in this recent AT&T data breach did not include the content of calls or text messages, Social Security numbers, dates of birth or any other personally identitfying information.  Rather the data stolen is what is referred to as metadata which is data that indicates when a call or text was made, the phone numbers involved and the location of the phones used.  This information is not particularly useful to scammers and identity thieves, but is used by nations in intelligence gathering.  China, in particular has been accused of stealing metadata from telecommunications companies in Southeast Asia in 2021 and you may remember in 2013 when Edward Snowden leaked documents that revealed an extensive metadata collection program being operated by the National Security Agency (NSA).

There have been some reports that the FBI has an individual suspect, but my opinion is that this data breach was done by China or some other country as a part of its intelligence gathering.  One reason to support this is that unlike the previous recent AT&T data breach  in which personal information  of 74 million past and present AT&T customer was stolen, none of the present metadata is being offered on the Dark Web to other identity thieves and cybercriminals which is the usual pattern in data breaches.

As I have reminded you many times, we are only as safe and secure as the security of the companies, government agencies and websites that have our personal information.  Even if you are extremely diligent in protecting your personal information, you can be in danger of identity theft and scams if your personal information falls into the hands of hackers.  This particular data breach highlights the lack of proper security measures by companies and government agencies.  Many of the companies using Snowflake did not even use dual factor authentication.

So long as companies are not legally punished for failing to properly protect their data, we can expect these data breaches to continue.

Meanwhile, we are left with the question as to what can you do to protect yourself from these data breaches that will be occurring?

TIPS

One important lesson is to limit the amount of personal information that you provide to companies and websites whenever possible.  For example, your doctor doesn’t need your Social Security number for his or her records.

You should make sure that you have a unique password for each of your online accounts so that if one of your passwords is compromised in a data breach, all of your accounts will not be in danger.  If your information is compromised in a data breach, you should immediately change the password for that account.

If you have not already done so, set up dual factor authentication for each of you accounts where it is available. This will protect you from having those accounts stolen by someone who may have access to your password.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/