By Mark Lanterman
This past month, people across the country were impacted by a severe AT&T network disruption.1 Though the company encouraged people to make calls using Wi-Fi, the outage still affected many customers’ ability to access the internet or even contact emergency services. It made it difficult for some non-AT&T customers to reach out to individuals who had been impacted, and some police departments reported an increase in 911 calls from people looking for answers about what was going on.2 The outage caused a lot of confusion and created undeniable hurdles for customers.
In the immediate aftermath of the outage, many feared that a cyberattack was to blame. But within a few days, human error was revealed as the more probable culprit, though this may change—the event is still being investigated. According to AT&T’s statement, “Based on our initial review, we believe that today’s outage was caused by the application and execution of an incorrect process used as we were expanding our network, not a cyberattack.”3 At the time of this writing, it is not entirely clear what process was applied incorrectly, but it seems that this error is the suspected cause of the outage. As with any company or organization, network expansions are often fraught with technological difficulties. In this case, the consequences were severe.
Though a cyberattack is not currently thought to be the source of the AT&T outage, the company’s public response was similar to its response if an attack had occurred. Given the severity of the event (full restoration of the network took 12 hours and the outage affected a reported 70,000 customers4), the company issued a statement apologizing for the outage. Additionally, AT&T stated that it will provide $5 credits to affected accounts.5 While reactions to AT&T’s response have been mixed, some were generally displeased with AT&T’s communications during the event and felt that the credit was unsatisfactory.6 Some observers have noted that contacting the company directly with their concerns seemed to be beneficial.7 The company has also tried to assure customers that improvements are being made to its operations to prevent any similar future occurrences.
The ripple effect of technological errors can be disastrous; in this case, “cyber risk” doesn’t necessarily relate to cybercrime. Human errors can cause just as much damage, and restoring public faith can be just as difficult. Apart from the immediate financial damages caused by the outage, AT&T may face ongoing losses in the long term that are more difficult to quantify. For example, it was recently announced that New York Attorney Letitia James would be investigating the outage in an effort to protect consumers, acknowledging that a disruption to service can be more than just an inconvenience.8
In a digital world that greatly relies on the communication afforded by our devices, even a brief disruption can have devastating consequences. Business continuity plans are as critical as incident plans that seek to minimize the damages incurred through a successful cyberattack; restoring business operations as quickly as possible and providing clear communication throughout an event are imperative to minimize damages and reputational harm. Being aware of potential sources of human error, such as during periods of growth or the implementation of new technologies, can also help in reducing errors.
Notes
1 https://www.cnn.com/2024/02/22/tech/att-cell-service-outage/index.html
2 https://www.cnn.com/2024/02/22/tech/outage-att-cell-phone-service-cause/index.html
3 https://www.cnn.com/2024/02/22/tech/outage-att-cell-phone-service-cause/index.html
4 https://www.nbcnews.com/news/us-news/t-give-5-credits-customers-affected-widespread-service-outage-rcna140443
5 https://www.nbcnews.com/news/us-news/t-give-5-credits-customers-affected-widespread-service-outage-rcna140443
6 https://www.businessinsider.com/att-outage-5-credit-bill-reimbursement-customer-reaction-2024-2
7 https://www.cnbc.com/2024/02/28/in-wake-of-att-outage-consumer-advocate-urge-customers-to-ask-for-money-back-.html
8 https://www.nbcnews.com/news/us-news/t-nationwide-outage-investigation-nys-attorney-general-rcna141201
Mark Lanterman is CTO of Computer Forensic Services. A former member of the U.S. Secret Service Electronic Crimes Taskforce, Mark has 28 years of security/forensic experience and has testified in over 2,000 matters. He is a member of the MN Lawyers Professional Responsibility Board.