U.S. telecom giant AT&T has confirmed a major data breach that has compromised the phone records of nearly all its customers. This latest breach, which was discovered on April 19, has exposed millions of phone numbers, calling and text records, and location-related data.
AT&T has started notifying millions of affected customers about this data breach. The stolen data includes phone numbers for both cellular and landline customers, records of calls and text messages (detailing who contacted whom), and metadata such as the total number of calls and texts, and call durations. The company has assured customers that the content of the calls and texts was not compromised.
The breach affects records from a six-month period between May 1, 2022, and October 31, 2022. Additionally, some data from as recently as January 2, 2023, has been compromised for a smaller, unspecified group of customers. Importantly, the stolen data includes call records for customers of other cell carriers that use AT&T’s network.
Among the stolen data are cell site identification numbers linked to phone calls and text messages. This information can potentially be used to determine the approximate location where a call was made or a text message was sent, posing a significant privacy risk.
AT&T will be notifying approximately 110 million customers about this breach. The company has set up a dedicated website to provide affected customers with information about the incident. AT&T also disclosed the breach in a regulatory filing before the market opened on Friday.
The data breach has been linked to a compromise of customer records stored on Snowflake, a cloud data platform. Snowflake enables corporate customers, including tech companies and telcos, to analyze vast amounts of customer data. The breach appears to have stemmed from Snowflake customers not using multi-factor authentication, a security measure that Snowflake does not enforce or require.
AT&T is not the only victim of this breach. Other companies, including Ticketmaster and LendingTree subsidiary QuoteWizard, have also reported data thefts linked to Snowflake. According to Mandiant, a cybersecurity firm called in to assist, about 165 Snowflake customers had a significant volume of data stolen. The cybercriminal group responsible, tracked as UNC5537, is believed to be financially motivated, with members in North America and Turkey.
AT&T is collaborating with law enforcement to apprehend the cybercriminals involved. One individual has already been arrested in connection with the breach. The FBI and the Department of Justice delayed notifying the public about the breach on two occasions, citing potential risks to national security and public safety.
This is the second major security incident AT&T has reported this year. Previously, the company had to reset the account passcodes for millions of customers after a cache of encrypted customer information was published on a cybercrime forum.
This latest breach underscores the growing threats to customer data and the importance of robust security measures. AT&T’s quick response and cooperation with law enforcement are critical steps in mitigating the impact of this breach. However, customers should remain vigilant and take any recommended precautions to protect their personal information.