A PNW cybersecurity professor says data leaks like the recent AT&T data breach are becoming less surprising and more widespread. 

In March, AT&T announced that data from roughly 73 million former and current users was leaked onto the dark web. The data contained customers’ personal information, including social security numbers and passcodes. 

“I’m not surprised [this happened],” said Charles Rabello DeCastro, a professor who teaches courses in Cybersecurity and Computer Forensics. “[It’s] not just with AT&T. There’s other companies that are probably being breached right now that don’t know it.

“Security breaches just don’t happen and then they find out about it,” he said. “A lot of security breaches can go on for … two years before a company finds out that they’ve been attacked. It’s what we call an advanced persistent threat.” 

In 2023 alone, AT&T rival T-Mobile reported three separate data breach attacks, affecting over 37 million T-Mobile users. In a 2023 MIT study was found that the number of data breaches more than tripled between 2013 and 2022. 

It also reported that the number of incidents is increasing.

“When viruses were first created, it was a joke that [people] played against each other,” said DeCastro, who spent years in law enforcement before becoming a teacher. “Then there came a point when viruses were destructive. Now it’s a money-making thing. Data is worth money.

“Think about what other information phone companies have, or any other company,” he said. “If I subpoena a person’s record I get where they were at, who they text, [who] they call… and some of these places record your conversations.”