AT&T confirms a data breach exposing call and text records for “Nearly All” customers from May 2022 to October 2022. Investigations are underway and 1 arrest has already been made.
While users try to make sense of the Ticketmaster data breach, AT&T has revealed a massive breach of its own. The data breach, which occurred earlier this year, impacted millions of AT&T customers, allowing hackers to access the call and text message information of around 109 million customers.
The breach, detected on April 19, 2024, exposed call and text message information, affecting “Nearly All” cellular, mobile virtual network operators, and landline customers. AT&T has over 109 million customers in the United States.
As per AT&T’s Form 8-K filing, the stolen data included call and text records of all AT&T mobile clients, customers of mobile virtual network operators, and landline customers who interacted with the numbers between May 1 and October 31, 2022, and on January 2, 2023. Hackers gained access to telephone numbers, interactions, aggregate call duration, and cell site identification numbers.
Data Breach Linked to Snowflake Flaw
AT&T has confirmed to Hackread.com that data was stolen from its Snowflake account in a wave of data theft attacks between April 14 and April 25, 2024, using compromised credentials.
For your information, Snowflake is a cloud-based database provider that allows customers to perform data warehousing and analytics on large volumes of data. The recent Snowflake vulnerability concerns revolve around a series of identity-based cyberattacks targeting Snowflake’s customer accounts, rather than a direct breach of Snowflake’s systems.
Since April 2024, there has been an increase in unauthorized access attempts using stolen credentials from various unrelated cyber incidents including the following:
and 100s of others…
What information was exposed?
- Duration of the calls
- Dates of the calls or texts
- Phone numbers involved in the calls or texts
What information was not exposed?
- Names
- Addresses
- Call/text timestamps
- Content of calls/texts
- Social Security numbers
This means that, while the breach is significant, hackers did not steal any sensitive information, but they can correlate metadata to reveal identities.
1 Arrested
AT&T is working with law enforcement to investigate the data breach and apprehend those responsible, while one individual has already been arrested. The company has not yet provided any information on how the breach occurred.
However, it has implemented additional cybersecurity measures to prevent unauthorized access attempts and will notify affected customers soon. There is no evidence of the accessed data being publicly available.
AT&T was granted permission twice by the US Department of Justice to delay public notification of the data breach due to potential national security and public safety risks, which is the first such exception. The FBI and AT&T collaborated during the delay process to boost investigative equities and support AT&T’s incident response work.
“On May 9, 2024, and again on June 5, 2024, the U.S. Department of Justice determined that, under Item 1.05(c) of Form 8-K, a delay in providing public disclosure was warranted. AT&T is now timely filing this report. AT&T is working with law enforcement in its efforts to arrest those involved in the incident. Based on information available to AT&T, it understands that at least one person has been apprehended. As of the date of this filing, AT&T does not believe that the data is publicly available.”
AT&T
Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented on the AT&T data breach, emphasising the need to overhaul the third-party data storage ecosystem. “Though the data breach did not include customer credential information, it is another example of the need for enterprises to invest in redesigning third-party governance models specific to credential management.”
Jason Soroko, Senior Vice President of Product at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM), also commented, urging Snowflake customers to implement multi-factor authentication (MFA) to protect their accounts from cyber attacks.
“Companies using Snowflake should immediately implement multi-factor authentication (MFA) to enhance security and protect sensitive data as MFA provides an additional layer of defence against unauthorized access, significantly reducing the risk of breaches,” explained Jason. “This is true, not just for Snowflake, but anyone using a third-party service via an authenticated session, that authentication needs to be using a credential stronger than just username and password,” he advised.
Nevertheless, this is not the first time that AT&T has been hit by a data breach. In August 2021, hackers sold an AT&T database containing 70 Social Security Numbers (SSNs) on a cybercrime forum. In April 2024, AT&T confirmed a massive data breach impacting a staggering 73 million (73,481,539) current and former customers when hackers leaked the trove of data on Breach Forums.
The company has also been criticized for its billing practices, with some customers accusing it of adding unauthorized charges to their bills. The latest data breach is likely to further erode trust in AT&T.