Intelligent CISO Issue 76 | Page 24

UPDATES
1
2
2
1

threat

UPDATES
1
US ( Texas )
AT & T has released a public statement on unauthorised access of customer data from a third-party cloud platform .
A statement from the company read : “ We learned that AT & T customer data was illegally downloaded from our workspace on a third-party cloud platform . We started an investigation and engaged leading cybersecurity experts to help us determine the nature and scope of the issue . We have confirmed the access point has been secured .
“ Our investigation found that the downloaded data included phone call and text message records of nearly all of AT & T cellular customers from May 1 , 2022 , to October 31 , 2022 , as well as on January 2 , 2023 . These records identify other phone numbers that an AT & T wireless number interacted with during this time , including AT & T landline ( home phone ) customers . For a subset of the records , one or more cell site ID numbers associated with the interactions are also included .”
2
US ( Tennessee )
Change Healthcare ( CHC ), which provides services to health care providers , health insurance plans and other companies , has revealed details about a cyberattack on its systems involving the protected health information ( PHI ) of a substantial number of people in the US .
CHC has completed a review of over 90 % of the impacted files and continues to see no evidence that materials such as doctors ’ charts or full medical histories were exfiltrated from its systems .
But CHC identified certain customers whose members ’ or patients ’ data was involved in the incident and provided notice to those customers and provided a website URL that those customers can link to from their own websites to share with their potentially impacted individuals .
The company added that it did not believe the data is publicly available .
“ We continue to work with law enforcement in their efforts to arrest those involved . Based on information available to us , we understand that at least one person has been apprehended ,” it added .
The downloaded data doesn ’ t include the content of any calls or texts .
2
1
24 WWW . INTELLIGENTCISO . COM