From article: www.npr.org/2024/07/12/nx-s1-5037736/att-data-breach-call-text-records

AT&T says hackers stole 2022 data of "nearly all" of its cellular customers from the company's workspace on a third-party cloud platform.

The Dallas-based telecommunications company announced the massive data breach in aregulatory filingandpress releaseon Friday morning, which said it believes the data is no longer publicly available.

"AT&T has taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access," it added.

Millions of customers' data found on dark web in latest AT&T data breach

The company wrote that it first learned of the incident in April, but the U.S. Justice Department determined in May and again in June that "a delay in providing public disclosure was warranted" until now.

The Justice Department issued a statement confirming that it's investigating the breach.

"AT&T's cooperation with the Department in this matter, including its timely advance notification to the FBI, benefited the Department's ongoing efforts to investigate the incident," the statement says.

AT&T's investigation found that an unspecified number of "threat actors" exfiltrated files in April containing the records of phone calls and text messages of "nearly all AT&T cellular customers" between May and October 2022, as well as a smaller number of customers on Jan. 2, 2023.

An AT&T spokesperson described the information taken as "aggregated metadata," holding information about the calls and texts but not their contents.

The records identify other telephone numbers with which affected customers interacted, including AT&T landline numbers, as well as counts of those calls and texts and the total call durations for specific days or months.

"For a subset of the records, one or more cell site ID numbers associated with the interactions are also included," it adds.

AT&T says the data does not include the substance or time stamps of those calls and texts, nor birthdays, social security numbers or other "personally identifiable information." Though there is a catch.

"While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number," it cautions.

AT&T says it is working with law enforcement to arrest the perpetrators, and "understands that at least one person has been apprehended" so far.

Are data breaches putting patients at risk?

The company says it will notify impacted users by text, email or U.S. mail, and has also set up a webpage where current and formercustomers can check to seeif their information was involved.

Those affected canfollow an online processto obtain the phone numbers of their calls and texts in the downloaded data. AT&T says the option to request that information will be in place through the end of this year.

And for those concerned about potential phishing and online fraud, it offers some evergreen advice, including not replying to a text from an unknown sender with personal details and making sure websites are secure by looking for the "s" after "http" in the address.

It adds that customers who suspect suspicious text activity shouldforward the messageto AT&T, andreport any suspected fraudon their AT&T wireless account to its team.

This is not the first data breach that AT&T has reported this year.

It said in March that it had reset the passcodes of about 7.6 million users after it discovered adataset on the "dark web"containing Social Security numbers and other personal information of some 70 million current and former account holders.

Separately,AT&T gave $5to certain customers affected by a nearly 12-hour nationwide outage back in February.

Verizon, Ticketmaster, Dell and Bank of America are among the other companies that have reportedmajor data breachesthis year, affecting millions of people altogether.

QUESTIONS TO ANSWER:

1) What is the situation and the parties involved. 2) Identify the ethical standard; explain how this situation violated that standard. 3) Explain how you could have prevented this situation and would now respond, including support from scholarly and Biblical sources