The dumping of some 70 million+ AT&T customer data online has been validated by some customers as containing their data, as claimed by the data broker that put the data out on the web. Although AT&T has provided no information as to how their customer data made its way to the web, it certainly points to a potential relationship to claims made by the hacking group ShinyHunters.

AT&T has indicated that there has been no breach of their systems, and that the data may, in fact, have come from a third-party process of some kind. Either way, it is important for folks to recognize that this information has been put out on the regular web – not the dark web making it searchable and available to anyone with nefarious intent.

Once again, we can see that companies are not taking on the challenge of securing customer information properly and effectively. In this case, I would highly recommend that anyone who believes their information may be a part of this release take appropriate identity and financial protective actions. HaveIBeenPwned is a free online security tool that allows visitors to check and see if their information may have appeared on one of the multitudes of reported data beaches.

The Identity Theft Resource Center (ITRC) predicted a significant surge in identity theft following such a strong year for the activity in 2023. All of this points to the need to ensure that you and your company are properly protected against these cybercriminals and nation-state-sponsored hacking groups. No organization is too small, and no organization can afford to assume safety in obscurity, as the daily drumbeat of these types of security incidents clearly points out. Ensure you have the right technologies deployed and are supported by the right IT and cybersecurity partners as you operate in the modern world.