The Weekly Breach Breakdown Podcast by ITRC - It's A Duck! - S3E22

Show Transcript

It’s a Duck!

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for August 12, 2022.  Each week, we look at the most recent events and trends related to data security and privacy. There are two bits of breaking news today that deserve some attention: a major data breach that, apparently, we’re going to need a DNA test to find its parent – and word from the Federal Trade Commission (FTC) that the agency may be ready to overhaul privacy regulations as we know them. 

Let’s start with what appears to be the breach of 23 million customers of a major telecommunications company. Chance are you’ve heard the saying, “If it looks like a duck, walks like a duck, and quacks like a duck – it’s a duck.” Like all good clichés, there is a grain of truth in those words.

AT&T Customer Data Possibly Stolen & Placed on Dark Marketplace

This week, security firm Hold Security and cybersecurity reporter Brian Krebs reported the discovery in a dark marketplace of a file containing personal information on nearly 23 million people. The stolen data contained names, addresses, email addresses, phone numbers, Social Security numbers (SSNs) and dates of birth with indicators the information belongs to customers of AT&T. 

Here's where the duck analogy comes into play. While the data appears to be of AT&T customers, the company says if it is customer data, it didn’t come from them. In a written statement, AT&T explained to reporter Krebs: 

“This information does not appear to have come from our systems. It may be tied to a previous data incident at another company. It is unfortunate that data can continue to surface over several years on the dark web.”

What Concerned AT&T Customers Should Do

Given this position, it is unlikely AT&T will issue data breach notifications. If you are a concerned AT&T customer, you should consider taking steps to make your personal information less useful to an identity thief attempting to misuse your stolen data. 

1. Freeze your credit. Credit monitoring is helpful. However, it can’t stop someone from creating a new credit account. Freezing your credit can. 
2. Use unique passphrases. Make sure you have long – 12 or more character – passwords, and each account has a unique password. That way, if one password is compromised, a criminal can’t access multiple accounts.
3. Use a password manager or the password manager feature in your mainstream browser to help create and keep track of all those passwords.
4. Enable multi-factor authentication (MFA) on your online accounts and use an authenticator app whenever possible.

FTC Could Consider New Regulations 

The other major story this week involves an announcement from the FTC that the agency is considering cracking down on Commercial Surveillance and Lax Data Security Practices. In a 3-2 vote, the Commission issued what is known as an advanced notice of public rulemaking to seek public comment on whether new rules are needed to protect people’s privacy and information. The full rulemaking process, should the FTC decide to pursue new regulations, could take two or more years.

Contact the ITRC

You don’t have to wait years to contact the ITRC if you think you have been the victim of a data breach or other identity crime. Just visit our website at www.idtheftcenter.org. You can also speak with an expert advisor on the phone (888.400.5530), chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). 

Next week, we’re going to publish a new report for the first time that looks at overall identity trends based on the victims who contact us. Join us next week for our sister podcast, The Fraudian Slip, when ITRC CEO Eva Velasquez talks with our Chief Victim Officer Mona Terry about those trends.

We will return in two weeks with another episode of the Weekly Breach Breakdown.