Login
If you’re an AT&T customer, now’s the time to take action. A previously reported data breach has exposed personal information from millions of accounts—and that data is reportedly up for sale on underground hacking forums.
According to cybersecurity researchers, a database containing up to 86 million AT&T customer records is being sold on Russian cybercrime forums. This leaked info includes sensitive personal details like:
Yes, you read that right—Social Security numbers stored in plain text. That’s a goldmine for identity thieves.
AT&T released the following statement to McAfee, “After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024. Affected customers were notified at that time. We have notified law enforcement of this latest development.” Additonally, AT&T offered credit monitoring and identity theft protection to those customers whose sensitive personal information was compromised as part of the notice in 2024.
However, for extra peace of mind, McAfee recommends the following:
1. Check your credit reports – Look for any unfamiliar accounts or activity. You’re entitled to a free credit report every year from each major bureau at AnnualCreditReport.com.
2. Change your AT&T account password – Especially if you haven’t updated it recently, or if you reuse that password elsewhere.
3. Set up fraud alerts or credit freezes – It’s a smart move to stop scammers from opening new accounts in your name.
4. Monitor for identity theft – Consider using an identity monitoring service that can alert you to suspicious activity across your credit, bank, and public records.
5. Protect your digital life – Consider signing up for a McAfee+ protection plan. You’ll get automatic scam alerts, security for unlimited devices, and 24/7 identity monitoring—plus up to $2 million in identity theft coverage and recovery support from U.S.-based experts. McAfee handles the heavy lifting with dark web monitoring and scam prevention, so you can get back to living your life with confidence.
Taking steps now can help keep your identity safe in the long run.
The post Your Social Security Number Could be for Sale: Old AT&T Data Leak Exposes 44M SSN Numbers appeared first on McAfee Blog.
Over the past year and a half, workers everywhere have gotten used to working from home. They have adopted an entirely new work from home mindset and diverted their weekly commuting hours to other productive and more enjoyable pursuits. As parts of the world return to a “new normal,” another change is on the way: a gradual return to the office.
The hybrid working model is met with mixed reviews from employees and business security teams alike. For some employees, a clearer separation between work and home is a welcome change. CTV News reports 66% of Canadian respondents to an International Workplace Group poll say they are looking forward to splitting their working hours between the office and home.
For business security teams who are just catching their breath after the monumental shift to a remote workforce, they are now gearing up for the new online safety challenges posed by the hybrid work model. According to a VMware Canada Threat Report, 86% of security professionals agree that cyberattacks aimed at their organizations have become more sophisticated since the onset of the pandemic. Additionally, 91% of global respondents cite employees working from home as the cause of cyberattacks. Challenges of the hybrid workforce include the constant back-and-forth of company-issued devices, the lack of control over home office setups, and mixing personal and company devices with company and personal business respectively. For example, if you pay your bills or shop online using your work device, it opens several new avenues for a hacker to walk right onto the corporate network. When your guard is down even a little bit when you are off the clock, you could fall victim to e-skimmers, fake login pages, or phishing scams.
No matter how advanced your company’s threat detection system, hackers know where vulnerabilities lie and are on the hunt to exploit them. Check out these tips to ensure you are not the weak link in your organization.
A virtual private network (VPN) is a service that scrambles online browsing data, making it impossible for nefarious characters to decipher your activity. This is an excellent way to deter hackers from tracking your movements and picking up sensitive pieces of information.
VPNs are essential if you are working in a public area, sharing a wireless network with strangers, or using a Wi-Fi connection that is not password protected. Public Wi-Fi networks are notoriously easy pickings for hackers seeking entry into unsuspecting users’ devices. On the days where you are not in the office, make sure your wireless connection is secure.
While a VPN is an excellent tool, security measures and your accounts are vulnerable without a strong and private password or passphrase to protect them. The gigantic Colonial Pipeline hack is being blamed on a hacker gaining entry through an unused VPN that was not secured with multifactor authentication. Multifactor authentication is an online safety measure where more than one method of identity verification is needed to access the valuable information that lies within password-protected accounts.
Consider using a password manager to organize all your passwords and logins. Password managers remember each pairing so you don’t have to, plus most managers are secured with multifactor authentication. A password manager makes it easier to add variety to your passwords and prevents you from ever having to write them down.
Professionals who travel between their home and an office are likely transporting their devices back and forth, increasing the number of opportunities for devices to be forgotten at either location or in transit. As convenient as it may be, never use your personal device for official business. Even if you pride yourself on sound online safety habits, your company device likely has more defenses ingrained in its hardware than your personal devices.
With your personal devices, you should carefully vet everything you download. With your work-issued devices, this vetting process is even more important as company information is at stake. The Information and Privacy Commissioner of Ontario states that employees should never download applications to their work devices without permission from the IT team. Apps and programs often have security vulnerabilities that could open a gateway for hackers.
Zero Trust is a security philosophy that is exactly what it sounds like: trust no one. Businesses are employing Zero Trust models to greatly limit who has access to sensitive data sources. Adopt your own personal Zero Trust philosophy concerning your passwords, logins, and device access. This means never sharing passwords or log in details, especially over email, instant messenger, or over a video conference. Hackers commonly eavesdrop on all three mediums. Also, even your most trusted coworker could mishandle your passwords and login details, such as writing them down and leaving them in a public place.
A key aspect of the Zero Trust model is only granting employees access to platforms that are vital to their job. Sharing your logins with coworkers who may not be authorized for using that platform undermines all the hard work the IT team does to keep tabs on data access.
Every time you turn on the nightly news, another ransomware attack has hit another organization, each one bigger than the last. This heightened prevalence is a reflection on the wiliness of hackers, but also the number of security holes every company must plug.
There are several vulnerable points of entry in every company, and some of those vulnerabilities are heightened by the hybrid work model. Always heed the advice of your company’s IT team, and make sure to do your part to keep your devices and work information secure.
The post Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety appeared first on McAfee Blog.
FreshRSS