AT&T Customer Data Breach Serves as Reminder of Risks from Third-Party Vendors

By Greg Tavarez April 05, 2023

The telecom industry is a critical infrastructure with customers relying on their services for communication, commerce and information. Because of that, it is a prime target for cyberattacks. That is why it is imperative that telecom operators prioritize cybersecurity and work closely with their third-party vendors to ensure that their systems are adequately protected against security threats.

The reliance on third-party vendors for various services (such as billing systems and customer service) means that these vendors have access to sensitive information within the telecom operator's network. Any security vulnerabilities in their systems can potentially be exploited by malicious actors to gain access to the telecom operator's network and compromise customer data.

This is a significant concern for telecom operators, as they’re subject to strict regulatory requirements around data privacy and security. A breach of customer data can result in significant financial and reputational damage, making it essential for telecom operators to conduct thorough risk assessments of their third-party vendors and implement appropriate security controls and monitoring.

"Supply chain attacks have become increasingly common and dangerous in recent years,” said Dmitry Kurbatov, co-founder and Chief Technology Officer of SecurityGen. “Hackers target a company's vendors, partners or other third-party providers to gain access to its systems or data. These attacks are difficult to detect and defend against, as companies often have limited visibility of the security measures of their suppliers and partners.”

Let the security breach at a third-party marketing partner of AT&T (News - Alert) (that led to the information of 9 million AT&T customers being exposed) serve as a reminder of the risks to telecom operators from security vulnerabilities at third-party partners.

For those not familiar with the incident, here is a quick summary:

AT&T notified around 9 million of its customers about a marketing vendor the company used that was hacked in January, exposing the private information of wireless accounts. Credit card information, Social Security numbers and account passwords were not exposed during the data breach.

The information that was exposed included first names, wireless account numbers, wireless phone numbers and email addresses. Sure, at first glance this set is not as severe as having credit card information stolen. But the possible risk of identity theft is still there.

"The AT&T incident is indicative of the threat to operators and their customers from potentially unsecure third parties,” said Kurbatov. “It's a timely reminder for operators to not only implement strong security measures for their own systems, but also to thoroughly vet and monitor the security practices of third-party partners and suppliers.”

Furthermore, the potential risk from third parties is set to increase with the growth of 5G and evolving ecosystems of developers, service providers and non-telecom players working together on new 5G products and services. Kurbatov mentions that 5G is expanding the attack surface for hackers to exploit. It makes sense. Think of the expanded services and number of devices connected because of 5G networks.

"5G has been developed with improved security protocols than previous network generations, and it’s designed from the ground up to be flexible and open for integration with multiple external systems,” said Kurbatov. “However, this same open architecture that enables flexibility and easy integration can also make 5G vulnerable and exposed to threats and hidden vulnerabilities."

Just like how operators need to work closely with third-party vendors, they need to recognize the vulnerabilities that come with 5G to safeguard their networks from any threats that come from external partners and 5G's own extra openness.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Patton Acquires Tone Commander, Strengthens Secure Communication Solutions

Patton, a provider of VoIP and mission-critical communication solutions, has announced its acquisition of Tone Commander

Read More

NETSCOUT Shields Customers with Automated, ML-Driven Mitigation

Adaptive DDoS Protection is a security solution that continuously examines network traffic in real-time to help thwart evolving dynamic DDoS attacks.

Read More

Accelecom's Unified Communications Entry Accelerated by Alianza

Accelecom received a unified communications market boost with the help of Alianza, the communications cloud for service providers.

Read More

InfiniG Sets New Benchmark for In-Building Mobile Coverage

InfiniG set a new benchmark for in-building mobile coverage was set through a visionary solution: Neutral Host as a Service, or NHaaS.

Read More

South Florida's Scam Saga: Fort Lauderdale's $1.2M Wake-Up Call

Scammers recently managed to seize $1.2 million in taxpayer funds from the city of Fort Lauderdale, Florida.

Read More