ReportWire

Tag: breach

  • ‘Nearly all’ AT&T cell customers’ call and text records exposed in a massive breach

    ‘Nearly all’ AT&T cell customers’ call and text records exposed in a massive breach

    [ad_1]

    The call and text message records of tens of millions of AT&T cellphone customers and many non-AT&T customers in mid-to-late 2022 were exposed in a massive data breach, the telecom company revealed Friday.AT&T said the hacked data did not include the content of calls and text messages. At this point, the exposed data is not believed to be publicly available.AT&T blamed an “illegal download” on a third-party cloud platform that it learned about in April – just as the company was grappling with an unrelated major data leak.AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022. The stolen logs also contain a record of every number AT&T customers called or texted – including customers of other wireless networks – the number of times they interacted and the call duration.The records of a “very small number” of customers on January 2, 2023 were also implicated, AT&T said. The content of the calls and texts were not exposed, according to the company.AT&T listed approximately 110 million wireless subscribers as of the end of 2022. AT&T said international calls were not included in the stolen data, with the exception of calls to Canada.The breach also included AT&T landline customers who interacted with those cell numbers.AT&T said customer names were not exposed in this incident, however the company acknowledged that publicly available tools can often link names with specific phone numbers.Additionally, AT&T said that for an undisclosed subset of its records, one or more cell site identification numbers linked to the calls and texts were also exposed. Such data could reveal the broad geographic location of one or more of the parties.“At this time, we do not believe that the data is publicly available,” AT&T said in a statement. “We sincerely regret this incident occurred and remain committed to protecting the information in our care.”AT&T promised to notify current and former customers whose information was involved and provide them resources to protect their information.Although the breach exposed phone and text records, AT&T said it does not contain the contents of the calls or texts, nor does it contain personal information such as Social Security numbers, dates of birth or other personally identifiable information.Usage details such as the time of calls and text messages were not compromised either.AT&T said it learned on April 19 that a “threat actor claimed to have unlawfully accessed and copied AT&T call logs.” The company said it “immediately” hired experts and a subsequent investigation determined hackers and exfiltrated files between April 14 and April 25.The company said the US Department of Justice Department determined in May and in June that a delay in public disclosure was warranted. It’s not clear why that the US government requested that data be delayed. CNN has reached out to the Justice Department for comment.AT&T shares fell 2% in premarket trading following the news.AT&T spokesperson Alex Byers told CNN that this new incident has “no connection in any way” to an incident disclosed in March. At that time, AT&T said personal information such as Social Security numbers on 73 million current and former customers was released onto the dark web.In the new incident, AT&T told CNN it learned in April that customer data was illegally downloaded from its workspace on Snowflake, a third-party cloud platform.Brad Jones, chief information security officer at Snowflake, told CNN in a separate statement that the company has not found evidence this activity was “caused by a vulnerability, misconfiguration or breach of Snowflake’s platform.” Jones said this has been verified by investigations by third-party cybersecurity experts at Mandiant and CrowdStroke.AT&T said it launched an investigation, hired cybersecurity experts and took steps to close the “illegal access point.”The company said it’s cooperating with law enforcement’s efforts to apprehend those responsible and understands at least one person has already been arrested.

    The call and text message records of tens of millions of AT&T cellphone customers and many non-AT&T customers in mid-to-late 2022 were exposed in a massive data breach, the telecom company revealed Friday.

    AT&T said the hacked data did not include the content of calls and text messages. At this point, the exposed data is not believed to be publicly available.

    AT&T blamed an “illegal download” on a third-party cloud platform that it learned about in April – just as the company was grappling with an unrelated major data leak.

    AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022. The stolen logs also contain a record of every number AT&T customers called or texted – including customers of other wireless networks – the number of times they interacted and the call duration.

    The records of a “very small number” of customers on January 2, 2023 were also implicated, AT&T said. The content of the calls and texts were not exposed, according to the company.

    AT&T listed approximately 110 million wireless subscribers as of the end of 2022. AT&T said international calls were not included in the stolen data, with the exception of calls to Canada.

    The breach also included AT&T landline customers who interacted with those cell numbers.

    AT&T said customer names were not exposed in this incident, however the company acknowledged that publicly available tools can often link names with specific phone numbers.

    Additionally, AT&T said that for an undisclosed subset of its records, one or more cell site identification numbers linked to the calls and texts were also exposed. Such data could reveal the broad geographic location of one or more of the parties.

    “At this time, we do not believe that the data is publicly available,” AT&T said in a statement. “We sincerely regret this incident occurred and remain committed to protecting the information in our care.”

    AT&T promised to notify current and former customers whose information was involved and provide them resources to protect their information.

    Although the breach exposed phone and text records, AT&T said it does not contain the contents of the calls or texts, nor does it contain personal information such as Social Security numbers, dates of birth or other personally identifiable information.

    Usage details such as the time of calls and text messages were not compromised either.

    AT&T said it learned on April 19 that a “threat actor claimed to have unlawfully accessed and copied AT&T call logs.” The company said it “immediately” hired experts and a subsequent investigation determined hackers and exfiltrated files between April 14 and April 25.

    The company said the US Department of Justice Department determined in May and in June that a delay in public disclosure was warranted. It’s not clear why that the US government requested that data be delayed. CNN has reached out to the Justice Department for comment.

    AT&T shares fell 2% in premarket trading following the news.

    AT&T spokesperson Alex Byers told CNN that this new incident has “no connection in any way” to an incident disclosed in March. At that time, AT&T said personal information such as Social Security numbers on 73 million current and former customers was released onto the dark web.

    In the new incident, AT&T told CNN it learned in April that customer data was illegally downloaded from its workspace on Snowflake, a third-party cloud platform.

    Brad Jones, chief information security officer at Snowflake, told CNN in a separate statement that the company has not found evidence this activity was “caused by a vulnerability, misconfiguration or breach of Snowflake’s platform.” Jones said this has been verified by investigations by third-party cybersecurity experts at Mandiant and CrowdStroke.

    AT&T said it launched an investigation, hired cybersecurity experts and took steps to close the “illegal access point.”

    The company said it’s cooperating with law enforcement’s efforts to apprehend those responsible and understands at least one person has already been arrested.

    [ad_2]

    Source link

  • Data breach may have involved millions of patients, Kaiser says. What was leaked?

    Data breach may have involved millions of patients, Kaiser says. What was leaked?

    [ad_1]

    Kaiser Permanente is notifying 13.4 million patients their data may have been sent to Google, X and other third-party vendors.

    Kaiser Permanente is notifying 13.4 million patients their data may have been sent to Google, X and other third-party vendors.


    Anna Buchmann

    The Sacramento Bee

    A data breach may have exposed data on millions of Kaiser Permanente patients, the California-based health care chain reported.

    Kaiser is notifying 13.4 million current and former patients about the breach, it said in a statement to McClatchy News. The health care chain is based in Oakland, California.

    Online software may have inadvertently sent data to third-party vendors such as Google, Microsoft Bing and X, formerly known as Twitter, the company said.

    The data was related to IP addresses, names and information on when patients signed onto accounts or how they navigated through Kaiser websites, the statement said.

    “No usernames, passwords, Social Security numbers, financial account information or credit card numbers were included in the transmission to these third parties,” Kaiser said.

    The company has removed the software involved in the breach from its sites and continues to investigate the issue, the statement said.

    Kaiser is not aware of any misuse of the data but is notifying patients “out of an abundance of caution,” the company said.

    Kaiser Permanente has 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia and Washington, according to its site.

    Don Sweeney has been a newspaper reporter and editor in California for more than 25 years. He has been a real-time reporter based at The Sacramento Bee since 2016.

    [ad_2]

    Don Sweeney

    Source link

  • Crypto.com Admits $35 Million Hack

    Crypto.com Admits $35 Million Hack

    [ad_1]

    Crypto.com, one of the biggest and best known cryptocurrency exchanges in the world now backed by superstar actor Matt Damon, has admitted that 483 of its users were hit in a hack earlier this month, leading to unauthorized withdrawals of bitcoin and Ether worth $35 million. The company had initially said $15 million was taken in the heist.

    “On 17 January 2022, Crypto.com learned that a small number of users had unauthorized crypto withdrawals on their accounts,” Cyrpto.com wrote in a post on Thursday. “Crypto.com promptly suspended withdrawals for all tokens to initiate an investigation and worked around the clock to address the issue. No customers experienced a loss of funds. In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed.”

    The company said that on Monday it saw that for a handful of accounts, transactions were being approved without the second-factor of authentication (the additional one-time code beyond the password allowing access to an account) being entered by a user. As it investigated, all withdrawals across Crypto.com were put on hold, lasting 14 hours. It then required all customers to login again and go through a new two-factor authentication process.

    As an additional measure, Crypto.com introduced a feature that means when a new address is added as a payee on an account, the user will get notifications and have 24 hours to cancel any payment if they didn’t authorize it.

    Finally, it’s announced the Worldwide Account Protection Program (WAPP), promising to restore funds up to $250,000 for users who qualify. To qualify, users have to be using multi-factor authentication and have filed a police report that it can show Crypto.com. “While we are reminded of the existence of bad actors intent on committing fraud, this new Worldwide Account Protection Program, along with our new MFA [multi-factor authentication] infrastructure, gives our users unprecedented protection of their funds, and hopefully, peace of mind,” said Kris Marszalek, cofounder and CEO of Crypto.com.

    There remains little in the way of an explanation of how the attack actually occurred, however. The internal investigation continues.

    The company has been making a name for itself of late with partnerships with Matt Damon and Water.org, as well as its purchase of the naming rights to the Staples Center in Los Angeles.

    The breach at Crypto.com is one of many hacks resulting in multimillion losses in the cryptocurrency industry. Indeed, it pales in comparison to the huge $600 million theft that hit blockchain-based platform Poly Network. That story took a strange turn when the hacker gave back all the funds.

    [ad_2]

    Thomas Brewster, Forbes Staff

    Source link