Hackers target US telecommunications firms, leak consumer data


Threat actors have targeted several US telecommunications companies extensively since January, according to the cybersecurity firm Cyble. The data of more than 74 million consumers has been leaked.

Cyble Research and Intelligence Labs said in a blog post that the illicit activity was related to the high level of internet penetration within the American population: “This presents a growing lucrative threat attack surface for threat actors, ransomware, and APT (Advanced Persistent Threat) groups.”

The year started with the attack by the ransomware group CL0P on CGM, a US Software-as-a-Service provider that helps telecommunications companies participate in the Affordable Connectivity Program.

Hackers leaked screenshots of IDs submitted by disadvantaged applicants to the program on January 5.

[Image: Hackers leaked screenshots of IDs. Courtesy of Cyble.]

The very next day, another threat actor, IntelBroker, claimed to have found a third-party vendor’s insecure cloud storage containing 37 million AT&T client records.

There were more hits – on T-Mobile, Verizon, and US Cellular. Altogether, over 74 million clients’ data was leaked, Cyble said.

According to the researchers, most of the breaches can be attributed to third-party vendors. Third-party breaches through vendors, software, and MSPs (Managed Service Providers) can lead to larger-scale supply-chain attacks and a greater number of impacted users and entities globally.

Scammers usually take the leaked information, compile it with information from other breaches or publicly accessible sources, and attempt identity theft, financial fraud, extortion, or harassment.

As Cyble points out, this was seen after the Optus data breach, where a sample of 10,000 records shared by the threat actor was used in an attempt to extort the users.

Companies’ post-breach response typically includes contracting auditors and information security companies as well as offering short-term credit monitoring to protect against fraud.

However, these are reactive measures, Cyble warned, adding that companies should maintain adequate policies and procedures to protect against threats proactively. For example, obtaining cyber insurance might be a good idea, even if insurers are not always eager to help.

In response to the breaches in the telecommunications sector, on January 5, 2023, the Federal Communications Commission (FCC) issued a statement pushing for a change in current breach notification guidelines, proposing the removal of the compulsory seven-day waiting period before customers are notified of breaches.

The agency also recommended expanding the scope of federal agencies that receive breach notifications to include the FCC, the Federal Bureau of Investigation, and the US Secret Service.

“The law requires carriers to protect sensitive consumer information, but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements,” said FCC Chairwoman Jessica Rosenworcel.