Jeff Hall - PCIGuru Mar 11, 2023
Telecom provider AT&T recently alerted customers that a cyberattack exposed some information from their accounts. No credit card data, social security numbers, passwords, or dates of birth got out, but the hack exposed some details regarding users' phone plans. https://www.techspot.com/news/97895-hackers-accessed-personal-data-9-million-att-customers.html
Hackers accessed personal data from 9 million AT&T customers

Telecom provider AT&T recently alerted customers that a cyberattack exposed some information from their accounts. No credit card data, social security numbers, passwords, or dates of birth...

TechSpot
Show threaddarthfrosty

@jbhall56 my first question was, would this make someone more susceptible to telephony-based MFA spoofing/spamming attacks?

I kind of think we need to stop amplifying the propaganda that it’s okay as long as no credit card data was stolen. I want to know if EFT routing/account numbers or debit card numbers were stolen. That has immediate, personal bank account emptying implications that impact peoples’ ability to conduct their lives. At this point credit card replacement is a cost of doing business for multi-billion dollar lenders. When they’ve had opportunities to improve security of payments (requiring PINs on EMV, for example), they opted for more fluidity in user experience instead of better security.

/end-rant

Mar 11, 2023 at 1:28pmWeb
Show threadJeff Hall - PCIGuru Mar 11, 2023

@darthfrosty NACHA has finally implemented security rules that makes the risks of EFT and ACH a bit more difficult to pull off than it was in the past.

EMV has a litany of security features that could be implemented but have not thanks to the acquiring banks having no desire to spend the money to implement them.