Sharon saved her supply chain from cyber risk and ended the office goat debate everyone AT&T reporting a major data breach involving nearly all of its customers the company saying today hackers downloaded phone and text records to a cloud platform that were made from May 1st to October 31st of 2022 some more records from January 2nd of 2023 also involved AT&T is saying that personal information like Social Security numbers and birthdays were not included neither was any of the content of the calls or texts of all their customers the company says it's working with police to catch those responsible at least one person has reportedly been arrested here with us now Bob kolansky Senior vice president for critical infrastructure as at exiger a technology company that helps businesses Banks and government agencies with risk and compliance Bob thanks for joining great to be with you so AT&T says nearly all of its customers are affected cell phone wireless customers even those who are land lines right now first can you give us a proper perspective of 100 million people 2 and a half million businesses we hear those numbers but give us some context there so what we're talking about is the metadata something called metadata of the 100 million people there and that means it's information about who you who you called what numbers you called what who you were texting and so you you go back to 20122 and you have records that are have been you know prolin basically of what you've been doing it isn't what you said or nobody's listening to phone calls nobody's capturing according to at& nobody's capturing what was texted but the fact that it happened and that of course links to what locations you were at because of because what some of the data was linked to cell towers so you could tell locations where people were so so there's just a boatload of data that that has been you know breached and whoever was involved with this has access to um at an individual customer level that may not be too concerning but but it's really concerning at a macro level yeah I think the large number of people that were hacked is the concerning part atnc says thieves took data from 2022 one day in 2023 do we know exactly when the information was stolen because it was a few years ago it was you know I think the dates you put up there were were you know that that's the best knowledge we have right now what's interesting about this is part of this is known because AT&T had to report this to the Securities and Exchange Commission as a major cyber incident and as far as I know this is the first time that there was a a waiver given to AT&T to have extra time to work with law enforcement before the notice of an incident was made public um and that waiver was based on National Security concerns so that does indicate that the federal government the FBI and ATT think there's something worth looking at here from a national security perspective too early to know what that is but but you know this is this these SEC rules have only been in place for about a few months and and now we're seeing a national security exception granted so going back to what 18 TNT said hackers didn't get Social Security numbers or birthdays you mentioned it's not like they were listening to our calls so what information did those hackers get again it's sort of metadata and and the best way to think they just they they vacuumed up a lot of data um it's unclear why you would want to vacuum up all this data except to sort of start to look for patterns perhaps of certain things you know what's going to be so important in the criminal investigation is um trying to figure out what patterns a criminal would be looking for and try to protect against that you know individuals lost some level privacy in what what happened um and when we're talking about at this is a this is a a breach against atat through one of at's third parties um which demonstrates the importance and this is something we do at exer a lot of making sure that your third party your supply chains are protected um as part of your over all cyber security and Bob I don't have to tell you this comes after AT&T had to reset passwords for millions of customers in March after a data breach I was one of them I know a lot of people affected we've seen Ticket Master targeted hospitals Healthcare Systems auto dealerships are hackers just getting better at this um cyber crime is getting more lucrative I think is one sense and with some getting more lucrative yeah I think criminal gangs are are getting better and if this wasn't a criminal gang if this was linked to nation state activities nation states are investing in capability to get get better doing things through cyers space and so it's really important that cyber defenses third party supply chain defenses keep up with with um the hackers as they work on that because we are seeing just this is becoming a more po you know cyber attacks are becoming a more popular Target and particularly critical infrastructure as you were just suggesting and Bob very quickly I'm running out of time if people are AT&T customers are worried that they got hacked what can they do I think it's communication with AT&T and ask AT&T to share information every you know follow this but but AT&T should be proactively communicating with um consumers what they know about hacks and anything that's recommended credit Monitor and other sort of sure private protections you should follow up on that Bob Koski thanks for the Insight sir thanks good be with you