- 30 Jul 2024
July 2024 - A Look At Recent Data Breaches Making Headlines
- Updated on 30 Jul 2024
Security professionals are well aware of how frequently data breaches occur in today’s digital world. It is an unfortunate byproduct of the convenience that the internet provides. We are able to do so many tasks right from our devices, but it comes at the cost of our personal data, which cybercriminals want to gather as quickly as possible.
Given the high volume of data breach headlines that come out on a daily basis, it’s quite easy for all of it to become white noise. Security professionals, on the other hand, know they cannot whistle past the graveyard.
It is incredibly important for everyone to be aware of the latest major data breaches that take place, and to ensure everyone is doing what they can to protect their digital assets.
This blog post will highlight a few of the major data breaches making waves recently, as well as why security professionals should tell their teams to be on alert, and what they can do to continue protecting their organizations.
Ticketmaster, AT&T, Twilio Breaches Highlight Bad Actors’ Desire for Different Data Points
Security professionals are also aware that every piece of data has different value to bad actors. The end goal is often to make money from these crimes, and in the case of the recent Ticketmaster breach, cybercriminals went directly to the source.
Ticketmaster confirmed it experienced a data breach earlier this year in which email addresses, phone numbers and encrypted credit card information were exposed. The group behind the breach claims it has 1.3TB worth of data from Ticketmaster.
Obviously, there is a lot of value in payment card data, but a few other recent data breaches focused their attention on phone numbers.
AT&T’s recent breach saw the phone numbers of nearly all of its customers who used its network between May and October 2022 leaked, as well as call and text records.
In some cases, cell site identification numbers were exposed, meaning a caller’s location could be gleaned.
Twilio’s breach also saw the exposure of 33 million phone numbers that were associated with the multifactor authentication app Authy. The group behind the Twilio breach is also allegedly behind the Ticketmaster incident.
These breaches highlight the value cybercriminals place in having phone numbers at their disposal. Twilio warned affected individuals to be on the lookout for phishing attacks that may be sent via SMS text messages, a tactic known as “smishing.” And if locations can be determined from the AT&T data, that could potentially leave them open to targeted cyber scams based on their location, or in more extreme cases, could leave them open to stalkers.
Security Professionals Should Be Ready
Security professionals need to be ready to not only answer any questions related to these incidents, but also be aware of how these breaches could be leveraged to target their organizations.
Bad actors may use these data points to try and compromise the victim’s devices, and if those devices are used professionally, it could lead to a lot of problems down the road.
It’s why security professionals need to communicate with their employees, and perform the following tasks to ensure their organization is secure:
- Continued Education on Cyber Scams: Security professionals need to stay up-to-date on the latest cyber scams and educate their employees on how to spot anything potentially malicious. For example, this could include spotlighting red flags that may lead to a phishing scam, or telling employees that yes, phishing messages can be sent through text messages. By informing employees on what to look out for, you can limit the possibility of human error leading to a bad outcome.
- Establish Lines of Communication: Security professionals should encourage employees to report any suspicious messages they may receive to ensure their legitimacy.
- Encourage Credit Monitoring: Complimentary credit monitoring is often offered by the organization that experienced the breach. It’s highly recommended that anyone affected by a breach sign up for the services.
- Implement MFA the Right Way: Multifactor authentication should be required for all accounts when available. Be sure your MFA processes run through an authentication app rather than via SMS text messages. An authentication app would require a bad actor to have physical access to a device to log into an account. Unfortunately, SMS text messages can be intercepted by bad actors, or mimicked during a smishing campaign. Additionally, cybercriminals may perform a SIM swapping attack, where they would switch the SIM card to a device they control in order to receive phone calls and texts. Thus, when you want to receive an SMS text message for MFA, the code would be sent to the device controlled by the bad actor rather than to the person who made the request, giving them the ability to access the account and steal whatever they wish to access.
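One way to act on the MFA recommendation above is to audit which accounts still rely on phone-delivered factors and to prioritize those whose number has been exposed in a breach. The sketch below is an added example, not BlackCloak's tooling; the CSV column names, method labels, sample users and phone numbers are all constructed for illustration, and a default country code of 1 is assumed.

```python
import csv
import io
import re

# Constructed sample export of MFA enrollments; column names are hypothetical.
ENROLLMENTS_CSV = """user,mfa_method,phone
alice@example.com,sms,+1 (555) 010-0001
bob@example.com,totp_app,555-010-0002
carol@example.com,sms,1-555-010-0003
dave@example.com,none,
erin@example.com,voice_call,+15550100004
"""

# Constructed sample: numbers employees reported as named in a breach notice.
EXPOSED_NUMBERS = ["(555) 010-0001", "+1 555 010 0004"]

# Factors delivered over the carrier network, so a SIM swap redirects them.
PHONE_BASED = {"sms", "voice_call"}
SEVERITY_ORDER = {"high": 0, "medium": 1}


def normalize(phone, default_cc="1"):
    """Reduce a phone number to +<digits> so differently formatted copies match."""
    digits = re.sub(r"\D", "", phone or "")
    if len(digits) == 10:  # national format: prepend the assumed country code
        digits = default_cc + digits
    return "+" + digits if digits else ""


def audit(csv_text, exposed_numbers):
    """Return (user, severity, reason) findings, most urgent first."""
    exposed = {normalize(p) for p in exposed_numbers}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        method = row["mfa_method"].strip().lower()
        if method == "none":
            findings.append((row["user"], "high", "no MFA enrolled"))
        elif method in PHONE_BASED and normalize(row["phone"]) in exposed:
            findings.append((row["user"], "high",
                             "phone-based MFA on a breach-exposed number"))
        elif method in PHONE_BASED:
            findings.append((row["user"], "medium",
                             "phone-based MFA; move to an authenticator app"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[1]], f[0]))


if __name__ == "__main__":
    for user, severity, reason in audit(ENROLLMENTS_CSV, EXPOSED_NUMBERS):
        print(f"{severity:6} {user:20} {reason}")
```

Accounts already on an authenticator app produce no finding, so the output is the migration worklist in priority order.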
BlackCloak recommends these best practices to all of our clients. It’s important to stay abreast of all the latest major breaches, as the damage and risk can spread beyond the person who had their data stolen in the attack.
Security professionals are already going to do this, as it is part of the job, but by going a step further and keeping your teams in the loop, you can extend your range of vigilance and shut the door on those who wish to do you and your organization harm.