AT&T resets account passcodes after millions of customer records leak online
TechCrunch: AT&T has reset millions of customer account passcodes after a significant data breach, revealed when a large dataset containing AT&T customer records was published online. The breach, which AT&T is investigating with cybersecurity experts, dates back to 2019 or earlier, affecting around 7.6 million current and 65.4 million former account holders. The leaked data includes customer names, addresses, phone numbers, birth dates, Social Security numbers, and encrypted passcodes. Security experts found the encrypted passcodes easy to decrypt, raising concerns over account security. This acknowledgment comes years after a hacker claimed to have stolen 73 million AT&T customer records, a claim AT&T initially denied. The recent publication of the complete dataset on a cybercrime forum has allowed for verification of the data’s authenticity. AT&T is contacting impacted current and former customers and has offered guidance on securing their accounts.
Microsoft faulted for ‘cascade’ of failures in Chinese hack
Washington Post ($): A review board report has criticized Microsoft for cybersecurity lapses that allowed a targeted Chinese cyberattack on U.S. officials’ emails. The breach ransacked the Microsoft Exchange Online mailboxes of numerous organizations and individuals worldwide, and was deemed preventable, highlighting a need for an overhaul in Microsoft’s security culture. The attack exploited security gaps in Microsoft’s cloud, exposing sensitive communications and underscoring the tech giant’s challenges in maintaining the security and transparency of its cloud infrastructure. This incident stresses the importance of stringent security measures and industry-wide improvements to safeguard against such vulnerabilities in digital infrastructure. The report’s findings revealed that Microsoft’s failure to prioritize security and risk management contributed to the breach’s success, which not only compromised personal information but also potentially national security. It calls for Microsoft to adopt a new culture of engineering security within its networks and improve processes to enforce security benchmarks. As cloud services become integral to governmental and corporate operations, this breach serves as a stark reminder of the critical need for enhanced security practices to protect sensitive data from sophisticated nation-state actors.
AI won’t replace cybersecurity workforce, agency leaders say
FedScoop: The introduction of artificial intelligence (AI) tools in federal agencies has significantly impacted the cybersecurity landscape, with many officials seeing AI as an advantage for defenders rather than a threat. Despite concerns about AI potentially replacing human jobs, federal IT leaders assert that AI will serve as a tool to assist rather than replace cybersecurity professionals. Examples like the 2021 breach attempt on a Florida water treatment plant highlight the indispensable role of human oversight in ensuring system safety. The Department of Energy and the General Services Administration emphasize the ongoing need for a human workforce to manage and respond to cyber threats effectively, underlining that AI will enhance, not eliminate, cybersecurity jobs. This evolution in technology demands a shift in mindset towards embracing change and preparing for new challenges in cybersecurity.
Reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year. (source)
John Michael Sullivan became the first person in the US to be convicted at trial under the federal computer fraud law and the first person prosecuted under the federal law in North Carolina. (source)