AT&T Data Breach Settlement Shows Need for MFA: Cyber Expert
AT&T's proposed $177 million settlement stemming from 2019 and 2024 data breaches shows that multifactor authentication isn't optional, cybersecurity expert Joe Vadakkan wrote last week. In the 2024 incident, hackers penetrated AT&T's Snowflake cloud system using credentials that didn't have MFA and made off with customers' call and text metadata, he said. "Weak credential protections" made the hack possible, he added. "Supply chain vigilance is critical," as the Snowflake breach came via "internal compromises." The settlement received preliminary approval in U.S. District Court earlier this month.