AT&T has disclosed a significant data breach affecting nearly all its cellular customers. The breach, discovered in April 2024, involved unauthorized access to customer call and text records stored on a third-party cloud platform, Snowflake. The company has initiated an investigation, secured the access point, and is working with law enforcement, leading to at least one arrest.
The compromised data includes phone numbers of AT&T wireless and landline customers and records of calls and texts from May 1, 2022, to October 31, 2022, and on January 2, 2023. Some records also contain cell site identification numbers, revealing approximate locations of calls and texts. Notably, the breach did not involve the content of calls or texts, timestamps, or sensitive personal information like Social Security numbers or dates of birth.
AT&T learned of the breach on April 19, 2024, when a threat actor claimed to have accessed and copied the data. The breach involved exfiltration of files between April 14 and April 25, 2024. The company immediately engaged cybersecurity experts to assist in the investigation. Current analyses indicate that the stolen data, although extensive, does not include customer names directly but could potentially be linked to identities through publicly available tools.
AT&T has started notifying approximately 110 million customers about the breach. This includes current and former customers, as well as customers of mobile virtual network operators (MVNOs) using AT&T’s network. The company is providing instructions for affected individuals to check their account status and obtain details of the compromised data.
The breach is part of a series of incidents affecting customers of Snowflake, with other companies like Ticketmaster, Neiman Marcus, and Advance Auto Parts also impacted. The root cause has been linked to inadequate security measures, particularly the lack of enforced multi-factor authentication for Snowflake accounts.
AT&T says it is enhancing its cybersecurity protocols and collaborating with law enforcement to bring the perpetrators to justice. AT&T also reassures customers that, based on current information, the stolen data is not believed to be publicly available.
For customers seeking to protect themselves from potential phishing and other online threats, AT&T advises caution when handling unsolicited messages and recommends visiting their CyberAware site for more cybersecurity tips.
This latest AT&T security incident is not in any way linked to the compromise of data of 73 million customers the American telecom giant persistently denied for nearly three years.
Leave a Reply