AT&T Suffers Yet Another Major Data Breach
AT&T recently revealed that it suffered a major data breach affecting nearly all of its wireless subscribers, making this one of the largest communications data breaches in recent history. While data breaches are all too common today, enterprise customers shouldn’t let their frequency desensitize them to the need to maintain best practices in contracting for security.
In this 8-minute episode of Staying Connected, Deb Boehling joins Sara Crifasi to discuss how enterprises can negotiate terms in their IT and telecom agreements that provide appropriate protections related to service providers’ breaches.
Listen in as Deb and Sara discuss:
Data Breach Details: The breached data includes call logs, telephone numbers, frequency and length of calls, and cell location data. This information can be combined with other public and private data to infer customer details.
Security Practices: The breach occurred on Snowflake’s third-party cloud platform where multi-factor authentication (MFA) was not used. Despite previous breaches, neither AT&T nor Snowflake required admins to activate MFA.
Preventive Measures: Enterprises should identify the types of information vendors will access and assess their security practices before contracting. Information security questionnaires and robust contract terms are essential.
Contractual Protections: Contracts should include an Information Security Requirements attachment, customized based on the sensitivity of the information. Remedies for non-compliance should be specified.
Confidentiality Clauses: Enterprises should include comprehensive confidentiality clauses in contracts, limiting the vendor’s disclosure of information and requiring secure disposal of data at contract expiration.
Encryption: Before sending any information to an IT vendor, enterprises should encrypt the information using a key known only to them.