Data Breaches Highlight Lack of Basic Cyber Controls

AT&T, UnitedHealth Group join a growing list of companies with hacks traced to the absence of one particular security measure: multifactor authentication. Breaches at companies including AT&T and UnitedHealth Group in recent months have one thing in common: Hackers gained access because basic security measures weren’t implemented.

There was no software bug or formidable nation-state hack, or clever social-engineering tactic that let attackers in. Rather, it was because companies didn’t enable multifactor authentication on one or more key systems.

Snowflake, Inc., is a cloud-based data hosting company used by some of the biggest and most recognized companies in America and abroad. Those companies, including Ticketmaster, AT&T and Advanced Auto Parts, have housed customers’ personally identifying information with Snowflake, but according to the class-action lawsuit filed in federal court in Butte, the company didn’t take measures to secure the data, which may have been compromised as early as 2020 through June 2024.