A data breach has compromised the call and text records of tens of millions of AT&T cellphone customers, the company revealed on Friday. This breach attributes to an illegal download on a third-party cloud platform affects customer data from mid-to-late 2022.
Also Read: Microsoft and Apple Withdraw from OpenAI Board Amid Antitrust Scrutiny
The breach affected customer data from May 1, 2022, to October 31, 2022. Additionally, records of a small number of customers from January 2, 2023 were also involved.
Nearly all of AT&T’s cellular customers including those using wireless providers on AT&T’s network had their call and text records exposed. AT&T listed approximately 110 million wireless subscribers by the end of 2022.
The exposed data includes telephone numbers, records of every number called or texted, the number of interactions and call durations.
For some records, one or more cell site identification numbers were also exposed revealing geographic locations of the involved parties.
The content of calls and texts, Social Security numbers, dates of birth or other personally identifiable information were not compromised. Usage details like the time of calls and text messages were also not affected.
The company learned about the breach on April 19, 2023, when a threat actor claimed to have unlawfully accessed and copied AT&T call logs.
The company quickly hired cybersecurity experts and launched an investigation determining that files were exfiltrated between April 14 and April 25.
The US Department of Justice requested a delay in public disclosure leading AT&T to announce the breach in July 2024.
The company has since taken additional cybersecurity measures to close off the illegal access point and prevent breaches.
They are cooperating with law enforcement and at least one individual has been apprehended in connection with the breach.
The company has promised to notify current and former customers whose information was involved and provide resources to protect their information.
Although names were not directly exposed, AT&T acknowledged that publicly available tools could often link names with specific phone numbers.
This incident is separate from another breach disclosed in March where personal information such as Social Security numbers of 73 million current and former customers was released onto the dark web.
The breach has not had a material impact on AT&T’s operations, financial condition or results. The FBI is investigating the incident and further actions might be taken based on their findings.
Also Read: Archegos Founder Bill Hwang Found Guilty Over Fraud Case
The illegal download occurred on a third-party cloud platform, Snowflake. AT&T has taken steps to secure its workspace and prevent similar breaches in the future.
The company’s investigation included closing the illegal access point and enhancing their cybersecurity measures to safeguard against such incidents.
The company learned about the breach on April 19, 2024 with unauthorized access occurring between April 14 and April 25, 2024. The company has begun notifying affected customers following the public announcement.
The breach was linked to a third-party cloud platform specifically Snowflake, which is used by AT&T to analyze large amounts of customer data.
This breach follows similar data thefts involving other companies that store customer data with Snowflake such as Ticketmaster and LendingTree’s QuoteWizard.
The company has begun notifying current and former impacted customers about the breach and is providing them with information on what to do next.
The company has reported the breach to regulators and is working with law enforcement agencies including the FBI to investigate the incident.
The company is implementing additional cybersecurity measures to prevent breaches and has shut down the point of unauthorized access. The company has confirmed it is reviewing its cybersecurity protocols in light of this incident.
The company announced that at least one individual has been apprehended in connection with the breach. This individual is not an AT&T employee and further inquiries about the suspects have been deferred to the FBI.
The company’s breach is the second security incident the company has faced in 2024 following an earlier event in March that made the company to reset account passcodes for millions of customers due to leaked account information.
Also Read: Samsung Union Workers to Extend Strike Indefinitely
