Craig Pepper
April 2, 2024
5 Min Read

Threat Report 02.04.24

AT&T Reports Extensive Customer Data Leak on Dark Web

AT&T has reported that personal data pertaining to an estimated 73 million current and former customers has been discovered on the dark web. This data exposure includes sensitive information such as social security numbers among other personal details.

The company believes the compromised data originates from a period no later than 2019, affecting around 7.6 million individuals with active AT&T accounts and 65.4 million who are former account holders.

The revelation came to light over the Easter weekend, when the Dallas, Texas-based telecommunications firm announced that a data set containing AT&T-specific data fields had emerged online approximately two weeks prior. AT&T has stated that it is currently uncertain if this data directly emanated from its own systems or those of its service providers. The investigation into the complete data set, which encompasses sensitive personal information, is ongoing to ascertain the source.

AT&T is conducting a comprehensive inquiry into the incident, with both internal and external cybersecurity experts involved. The company has yet to find any evidence to suggest unauthorised system access that could have led to the data being extracted.

Affected customers are being informed by AT&T, which is also offering credit monitoring services at no cost where it's deemed appropriate. According to the company, this security breach has not significantly impacted its operational capabilities.

This announcement follows a March 2023 notice to approximately 9 million wireless subscribers about a compromise of their customer proprietary network information (CPNI) due to a breach at a third-party service provider. Additionally, AT&T experienced a significant service outage in the previous month, which it confirmed was not the result of a cyberattack.


Vigilance with Personal Information: Individuals impacted or potentially impacted should monitor their financial accounts and credit reports closely for any unauthorised activities.

Credit Monitoring and Fraud Alert: Enrol in the credit monitoring services offered by AT&T and consider placing a fraud alert on your credit reports.

Secure Accounts: Update passwords and enable multi-factor authentication on all important accounts to strengthen security.

Beware of Phishing Attempts: Be cautious of unsolicited communications asking for personal or financial information, as these may be phishing attempts exploiting the data breach.


Identity Theft: With social security numbers and other personal information exposed, individuals are at a heightened risk of identity theft.

Financial Fraud: The leaked data could be used for unauthorised transactions or to open fraudulent accounts in the names of the victims.

Phishing and Scams: Affected individuals may face an increased risk of targeted phishing attacks and scams designed to extract more information or money.

The Rise of the FedEx Courier Scam

The FedEx courier scam has become a sophisticated and merciless fraud, predominantly targeting individuals in India by exploiting their trust, fears, and lack of information about such deceitful practices. This scheme operates through a sequence of manipulative tactics designed to trap its victims.

Victims receive an automated call claiming a FedEx package addressed to them has been detained. Prompted by curiosity or worry, individuals are lured into pressing a button to proceed, setting the scam in motion.

Impersonators posing as airport authorities claim to represent a non-existent FedEx office. They concoct a narrative involving a parcel blocked due to the alleged discovery of illegal substances by the Narcotics Control Bureau (NCB), leveraging personal information sourced from publicly accessible data to appear legitimate. The situation escalates as the call is supposedly transferred to NCB officials, who intimidate the victim with threats of legal action, compelling them to pay substantial amounts as bribes or fines under the pretence of avoiding legal consequences.

This scam indiscriminately preys on various demographics, including the elderly and women, exploiting their emotional vulnerabilities to instil a sense of urgency and fear. Even those proficient in using the internet are not immune to falling victim to this complex deceit.


Heightened vigilance and preventive measures are essential

Verification: Always confirm the authenticity of unexpected package-related communications by contacting the courier service directly through verified channels.

Awareness: Inform and educate relatives, particularly older family members, about the existence and nature of such scams to prevent them from becoming victims.

Guarding Personal Information: Exercise caution in sharing personal details and be wary of disclosing sensitive information.

Reporting: Report any encounters with such fraudulent schemes to law enforcement agencies promptly to prevent further victimisation.

Through awareness and proactive measures, individuals can safeguard themselves and their loved ones against such fraudulent activities.

MarineMax Faces Data Breach Due to Ransomware Attack

MarineMax, a prominent boat dealer, has acknowledged a data breach following a ransomware assault that affected its customers and employees. The company reported the cybersecurity incident in a regulatory submission on March 10, revealing that the attack led to operational disruptions and unauthorised access to certain information technology systems. Initially, MarineMax asserted that the compromised systems did not contain sensitive information.

Subsequently, the Rhysida ransomware group claimed responsibility for the breach about 10 days after MarineMax's disclosure, announcing the sale of the purportedly stolen data.

In a more recent Securities and Exchange Commission (SEC) filing dated April 1, MarineMax updated its stance, confirming that the cyberattack resulted in the theft of 'limited data,' including personal details of customers and employees. The company has pledged to notify all affected parties and has already informed relevant law enforcement and regulatory bodies.

MarineMax anticipates incurring costs associated with responding to this cybersecurity incident and acknowledges ongoing risks and uncertainties. Despite these challenges, the company maintains that the breach has not significantly disrupted its operations. The extent to which this incident might affect MarineMax's financial health or operational outcomes remains under evaluation.

The Rhysida ransomware group has initiated an auction for the stolen data on its website, asking for 15 bitcoin (approximately $1 million). This high ransom demand likely reflects MarineMax's status as a leading international yacht and recreational boat retailer. The company employs nearly 4,000 staff and reported over $500 million in quarterly revenue recently.

Evidence presented by Rhysida includes screenshots and a file tree listing 180,000 documents, suggesting the theft of significant personal and financial information. However, the authenticity of these claims, as is common in such cybercriminal activities, may be exaggerated or partially falsified to compel payment.

The Rhysida group, which surfaced in May 2023, has targeted entities across various sectors, including the British Library. The U.S. government issued a warning about Rhysida in November 2023, highlighting their tactics of data theft and system encryption. It remains uncertain if MarineMax's files were encrypted or if the attackers concentrated solely on data exfiltration.

Read similar blogs