AT&T’s massive customer-data leak highlights the risks of “breach fatigue”
Hard reset… AT&T’s investigating a major breach that exposed a trove of sensitive customer data on the dark web last month. The personal info of 70M+ current and former customers got leaked, including SSNs and addresses. This week, AT&T reset the passcodes of 7.6M affected current customers and is offering some of them free credit monitoring. As Americans stay glued to their phones, cell service providers have become goldmines of personal data, and prime targets for cybercrime.
Ask for forgiveness… not permission. Telecom biggies like AT&T and T-Mobile can sell customer data to advertisers or vendors — but users are often opted into accepting this data-sharing by default. While telecom cos usually have robust security budgets, their practice of sharing data with third parties creates weak spots. Last year, AT&T told 9M customers that their data had been accessed in a breach involving one of its vendors. It’s not the only one:
High bill: Every US 5G provider had a security incident last year, with T-Mobile reporting two data breaches. In 2022, T-Mobile agreed to pay $500M to settle a class-action suit over a breach that exposed 76M+ customers’ records.
Small print: Many wireless customers can opt out of personal data tracking and sharing, but it’s often buried deep in account settings.
Consumers have breach fatigue… Breaches happen so often now that users are largely unfazed by them (how many “password compromised” alerts have you gotten recently?). That leaves some companies unmotivated to invest in more security. Meanwhile, hackers are doubling down: the global cost of cybercrime is forecast to hit $24T by 2027, tripling from 2022.