The urgency of improving information security cannot be understated. Since the widely publicized attack on Target Corporation, data breaches have become increasingly common – sensitive information stored with both eBay and the California Department of Motor Vehicles has been compromised in the last six months alone. AT&T, the national telecommunications company based in Dallas, Texas, became the next affected company in an April attack.
According to an article by IT World, AT&T has confirmed reports that personal information, including social security numbers and phone records, was compromised for an unknown number of customers in a breach that occurred in the middle of April. Demonstrating the usual reluctance to go public with the breach, AT&T did not inform customers of the attack until June. AT&T reported to regulators in California, where state law mandates that customers must be notified if the incident affects more than 500 people.
In its letter to affected customers, AT&T stated, “Employees of one of our service providers violated our strict privacy and security guidelines by accessing your accounts without authorization. AT&T believes the employees accessed your account as part of an effort to request codes … to unlock AT&T mobile phones in the secondary mobile phone market.” The attack also targeted codes that make stolen smartphones easier to reuse outside of the United States, indicating that the breach was a deliberate and calculated attack.
This latest information breach reflects the persistent gap between information security and offensive capabilities. Consumer backlash against Target following its breach has been enormous, and eBay has come under scrutiny in the wake of its recent breach as well. Currently, not taking necessary precautions seems commonplace among many large corporations. The repercussions of this breach remain to be seen, but it certainly will not improve AT&T’s reputation. Hopefully, the higher frequency of breaches will spur some companies to action, to take information security seriously before an attack occurs.