The call and text message records from mid-to-late 2022 of tens of millions of AT&T cellphone customers and many non-AT&T customers were exposed in a massive data breach, the telecom company revealed Friday, July 12th 2024.
The stolen logs also contain a record of every number AT&T customers called or texted – including customers of other wireless networks – the number of times they interacted, and the call duration.
The company blamed an “illegal download” on a third-party cloud platform that it learned about in April – just as the company was grappling with an unrelated major data leak. AT&T says that the exposed data is not believed to be publicly available, however CNN was unable to independently verify that assertion.
What are the implications? “Any possible place that you’re giving information to very well may be targeted one day,” said Alex Risen, CMO of the cybersecurity training company PhishingBox. “I can spoof your phone number. I can make it look like I’m contacting one of your loved ones or a friend, maybe it’s a colleague at work, and I can get them to at least think that I’m you and do an action that they maybe otherwise wouldn’t have,” he said.
What Alex is referring is the possibility that calls not attested as A-level via STIR/SHAKEN could represent spoofed calls. A-level attestation is crucial with STIR/SHAKEN because it signifies the highest level of trust and verification for your outbound calls. Here’s why it’s important:
Increased Call Completion Rates: Carriers receiving your calls with an A-level attestation are more likely to let them through because they are deemed less likely to be spam. This translates to a higher chance of your calls reaching their intended recipients.
Enhanced Brand Reputation: A-level attestation indicates your business is a legitimate caller ID user. This builds trust with potential customers who might be wary of answering calls with unknown origins.
Reduced Risk of Blocking: Carriers might flag or even block calls with lower attestation levels (B or C). An A-level ensures your calls are less likely to be flagged as spam and avoids unnecessary blocking.
The implications for this could be that the analytics engines that support major carriers (such as AT&T, T-Mobile, and Verizon) may be forced to provide special treatment for all non-A attested calls, which could mean that all of those calls automatically receive a call label such as “Caution” or “Spam”.
