Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
In a concerning update for the telecom and cloud data security sectors, AT&T has been hit by a major data breach linked to the ongoing Snowflake cybersecurity incident. This breach, revealed on 12 July 2024, has exposed the phone records of almost 110 million AT&T customers, highlighting vulnerabilities in cloud-based data storage and the urgent need for stronger cybersecurity measures.
AT&T discovered the breach when a security researcher notified the company about compromised call logs obtained through Snowflake’s insecure cloud storage. After verifying the data’s authenticity, AT&T reportedly engaged Google-owned cybersecurity firm Mandiant for further investigation and disclosed the breach to the SEC.
The AT&T breach is part of a wider supply chain attack involving Snowflake, a major cloud data analysis player whose platform serves tech giants such as Adobe, Canva, and Mastercard.
Other known affected customers include large companies such as Ticketmaster, Santander Bank, Advance Auto Parts, and Neiman Marcus, signalling significant vulnerabilities in its cloud data systems.
The primary suspect behind the data theft allegedly accessed the information through insecure cloud storage and was reportedly arrested in May for unrelated charges related to a previous breach involving T-Mobile. Although AT&T claims the data has been erased from the hackers’ possession, concerns remain about potential copies of the dataset circulating among other parties.
Data stolen in the AT&T breach includes:
The compromised data spans from May to October 2022, with a smaller group of data extending to January 2023. AT&T confirmed that, unlike its previous breach that exposed the sensitive data of 73 million AT&T customers earlier this year, the Snowflake breach did not include call or text contents, names, credit card data, or Social Security numbers.
AT&T reportedly paid hackers approximately $370,000 in Bitcoin to delete stolen phone records, which included call and text metadata of millions of customers. The hackers, affiliated with the ShinyHunters group, were reportedly approached by AT&T after learning of the breach from a security researcher acting as an intermediary.
In the days following the breach, AT&T’s stock fell by 0.3% to $18.80, reflecting a $130 million drop in market cap. Before the hacking disclosure, AT&T stock had been up 12% in 2024.
For CFOs and finance managers, this incident underscores several key points:
As investigations into AT&T’s breach continue, finance leaders must remain vigilant as scam risks heighten following a significant data breach. This latest incident serves as a reminder of cybersecurity’s crucial role in the digital finance world. Moving forward, finance professionals should:
Learning from such incidents will help finance leaders protect their organisations from evolving cyber threats.
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.