AT&T disclosed a massive data breach affecting nearly all its customers. Cybercriminals stole millions of phone records, including calling and texting information, during a period between May 1, 2022, and October 31, 2022. The phone giant confirmed the breach and announced it would notify around 110 million customers.
AT&T spokesperson Andrea Huguely informed that the stolen data includes phone numbers of cellular and landline customers. Additionally, it contains call and text message metadata, such as who contacted whom and call durations. Though the content of calls and texts remains secure, the breach exposed valuable metadata and phone numbers.
The breach also impacted customers of other cell carriers relying on AT&T’s network. Moreover, the stolen data includes cell site identification numbers, revealing the approximate location of where calls and texts originated.
AT&T breach linked to Snowflake
AT&T learned of the breach on April 19, discovering that cybercriminals had stolen customer data from the cloud data giant Snowflake. This incident followed a recent series of data thefts targeting Snowflake’s clients. Snowflake blamed the breaches on customers failing to use multi-factor authentication, a security measure it did not enforce.
The breach extends beyond AT&T, with other victims including Ticketmaster and LendingTree subsidiary QuoteWizard. Cybersecurity firm Mandiant, assisting with customer notifications, reported that about 165 Snowflake clients had significant volumes of data stolen. Mandiant attributed the breach to a cybercriminal group tracked as UNC5537, motivated by financial gain and based in North America and Turkey.
AT&T published a website with details for affected customers and filed a report with regulators. The FBI confirmed that AT&T, the FBI, and the Department of Justice delayed public notification twice, citing potential risks to national security and public safety.
This breach marks AT&T’s second major security incident this year. Earlier, the company reset account passcodes after customer information, including encrypted passcodes, surfaced on a cybercrime forum.
AT&T assured customers it is collaborating with law enforcement to apprehend the criminals behind the breach. The company confirmed that at least one suspect has been arrested, though not an AT&T employee.
This unprecedented breach underscores the importance of robust cybersecurity measures and the need for vigilance against evolving cyber threats.
{{user}} {{datetime}}
{{text}}