AT&T Customer Data Breach Serves as Reminder of Risks from Third-Party Vendors

By Greg Tavarez April 05, 2023

The telecom industry is critical infrastructure, with customers relying on its services for communication, commerce and information. Because of that, it is a prime target for cyberattacks. That is why it is imperative that telecom operators prioritize cybersecurity and work closely with their third-party vendors to ensure that their systems are adequately protected against security threats.

The reliance on third-party vendors for various services (such as billing systems and customer service) means that these vendors have access to sensitive information within the telecom operator's network. Any security vulnerabilities in their systems can potentially be exploited by malicious actors to gain access to the telecom operator's network and compromise customer data.

This is a significant concern for telecom operators, as they’re subject to strict regulatory requirements around data privacy and security. A breach of customer data can result in significant financial and reputational damage, making it essential for telecom operators to conduct thorough risk assessments of their third-party vendors and implement appropriate security controls and monitoring.

“Supply chain attacks have become increasingly common and dangerous in recent years,” said Dmitry Kurbatov, co-founder and Chief Technology Officer of SecurityGen. “Hackers target a company's vendors, partners or other third-party providers to gain access to its systems or data. These attacks are difficult to detect and defend against, as companies often have limited visibility of the security measures of their suppliers and partners.”

Let the security breach at a third-party marketing partner of AT&T (that led to the information of 9 million AT&T customers being exposed) serve as a reminder of the risks to telecom operators from security vulnerabilities at third-party partners.

For those not familiar with the incident, here is a quick summary:

AT&T notified around 9 million of its customers about a marketing vendor the company used that was hacked in January, exposing the private information of wireless accounts. Credit card information, Social Security numbers and account passwords were not exposed during the data breach.

The information that was exposed included first names, wireless account numbers, wireless phone numbers and email addresses. Sure, at first glance this set is not as severe as having credit card information stolen. But the possible risk of identity theft is still there.

“The AT&T incident is indicative of the threat to operators and their customers from potentially unsecure third parties,” said Kurbatov. “It's a timely reminder for operators to not only implement strong security measures for their own systems, but also to thoroughly vet and monitor the security practices of third-party partners and suppliers.”

Furthermore, the potential risk from third parties is set to increase with the growth of 5G and evolving ecosystems of developers, service providers and non-telecom players working together on new 5G products and services. Kurbatov mentions that 5G is expanding the attack surface for hackers to exploit. It makes sense. Think of the expanded services and number of devices connected because of 5G networks.

"5G has been developed with improved security protocols than previous network generations, and it’s designed from the ground up to be flexible and open for integration with multiple external systems,” said Kurbatov. “However, this same open architecture that enables flexibility and easy integration can also make 5G vulnerable and exposed to threats and hidden vulnerabilities."

Just like how operators need to work closely with third-party vendors, they need to recognize the vulnerabilities that come with 5G to safeguard their networks from any threats that come from external partners and 5G's own extra openness.

Edited by Alex Passett