The Weekly Breach Breakdown: First Impressions – Failed Deepfake Attack on LastPass Employee & Latest on AT&T Data Breach

• Bleeping Computer reports that identity criminals targeted a LastPass employee in a deepfake attack. They used deepfake audio to impersonate company CEO Karim Toubba in calls, texts and voicemails on WhatsApp.
• The employee ignored the messages and reported them to LastPass. The company says the deepfake attack had no impact on LastPass. To avoid an attack like this, do not panic. Collect your thoughts and contact someone directly to verify the validity of the message.
• AT&T is notifying two million people that their account data has been compromised and published on the dark web. It’s believed that the data has been circulating online since at least 2021 and may be linked to a data breach in 2019.
• Compromised data from the AT&T data breach includes names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers and AT&T passcodes.
• If you receive an AT&T data breach notice, freeze your credit, change your password to a 12+ unique passphrase, change the password of other accounts with the same password as the breached account, use multifactor authenticationand be on the lookout for phishing attempts.
• To learn about the latest data compromises, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified. 
• If you believe you are the victim of an identity crime, contact the ITRC. Call or text toll-free at 888.400.5530 or live chat on the company website, idtheftcenter.org.

First Impressions

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 26, 2024. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we discuss how identity criminals targeted a LastPass employee in a deepfake attack. We also provide an update on the much-talked-about AT&T data breach that stems back to at least 2021.

Making a strong impression is the building block in making sure people remember who you are. It is vital in creating strong connections. Unfortunately, threat actors also try to make impressions in hopes that we will make decisions that we later regret. Fortunately, a group of threat actors targeting the password management service LastPass failed.

Failed Deepfake Attack on LastPass Employee

According to Bleeping Computer, identity criminals targeted a LastPass employee in a voice phishing deepfake attack. They used deepfake audio to impersonate Karim Toubba, the company’s CEO. The employee did not fall for the attack because the attacker used WhatsApp, which is not commonly used for business, and sent messages outside of business hours. LastPass Intelligence Analyst Mike Kosak says the employee received calls, texts and voicemails featuring an audio deepfake of Toubba.

Businesses Targeted by AI Voice Scams

The employee ignored the messages and reported the incident to the LastPass internal security team. Kosak says the failed deepfake attack had no impact on LastPass. However, the company chose to share the details of the incident to warn other businesses that AI-generated deepfakes are being executed.

Last month on the podcast, we discussed the threat of AI voice scams and how the average person should not be concerned about these scams. Threat actors will likely target businesses, high net worth and high-profile individuals. That is exactly what we saw here.

How to Avoid a Deepfake Attack

The biggest thing to remember if you are targeted by a deepfake attack is not to panic. Criminals want to leave an impression on you – in a bad way. They want to scare you into doing something you typically would not do. If you receive any calls or messages you are not expecting, ignore them, collect your thoughts, and contact the person the message or call claims to be from directly to verify the validity of the message.

Latest on the AT&T Data Breach

In other news, AT&T is notifying millions of current and former customers that their account data has been compromised and published on the dark web. According to a filing with the Office of the Maine Attorney General, the telecommunications company said 51.2 million account holders were affected. However, on AT&T’s website, the number is listed at 73 million.

Compromised data from the AT&T data breach includes names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers and AT&T passcodes. It is believed that the data has been circulating online since at least 2021 and may be linked to a data breach in 2019.

Impact of Data Events on People of Color

In a Forbes article focusing on the impact of the AT&T data breach, CultureBanx CEO Kori Hale highlighted how data events like these have a negative impact on people of color. In a Rand Corporation study, Black business owners were the most likely to claim that a data breach led to a loss or decrease in business at 53 percent. The Rand Corporation study aligns with research conducted by the ITRC in 2023 for our initiative on understanding identity crimes in Black communities. To download the ITRC’s Identity in Practice Report, visit www.idtheftcenter.org/publicaitons.

What to Do If You Receive an AT&T Data Breach Notice

• Freeze your credit to ensure no new credit accounts can be opened in your name.
• Immediately change your passwords and switch to at least a 12+-character passphrase.
• Change the passwords of other accounts using the same password as the breached account; make sure you are not using the same password on more than one account.
• Use multifactor authentication (MFA) with an app – SMS can be spoofed.
• Keep an eye out for phishing attempts that claim to be from the breached organization.

Contact the ITRC

If you want to know more about how to protect your business or personal information, have questions about deepfake attacks or the AT&T data breach, or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. We will return next week with another episode of the Weekly Breach Breakdown.