In a significant cybersecurity incident, AT&T has revealed that a recent data breach has led to the theft of phone records for “nearly all” of its customers.
This breach has affected millions of individuals, exposing sensitive information such as phone numbers, call logs, text message records, and location data. The telecommunications giant is now taking steps to notify affected customers and work with law enforcement to apprehend those responsible.
Details of the Breach
AT&T announced that the stolen data includes phone numbers of both cellular and landline customers. The breach also compromised AT&T’s records of calls and text messages during a six-month period from May 1, 2022, to October 31, 2022. Additionally, some records from January 2, 2023, were also stolen, affecting a smaller but unspecified number of customers.
The breach is not limited to AT&T customers alone. It also includes call records of customers from other cell carriers that use AT&T’s network. However, AT&T clarified that the content of the calls and texts was not included in the stolen data, but metadata—such as who contacted whom, the total count of calls and texts, and call durations—was exposed.
Implications of the Stolen Data
Metadata can reveal a lot about an individual’s communication patterns and, in some cases, their location. Some of the stolen records include cell site identification numbers associated with phone calls and text messages, which can be used to approximate the location of where a call was made or a text was sent. This kind of information can be particularly sensitive and valuable to cybercriminals.
Company Response and Notification
AT&T is preparing to notify around 110 million customers about the breach. A dedicated website has been published with information for affected customers. Additionally, AT&T disclosed the breach in a regulatory filing before the market opened on Friday.
Breach Linked to Snowflake
AT&T discovered the breach on April 19, linking it to the cloud data company Snowflake. This breach is separate from an earlier security incident in March. According to AT&T, customer records were stolen from Snowflake during a series of data thefts targeting its customers.
Snowflake provides a platform for companies, including telcos, to analyze large volumes of data in the cloud. It’s not clear why AT&T was storing customer data in Snowflake, but the breach has affected other companies like Ticketmaster and LendingTree subsidiary QuoteWizard. Snowflake attributed the data thefts to its customers’ failure to use multi-factor authentication, a security feature that Snowflake did not enforce.
Investigation and Legal Actions
Cybersecurity incident response firm Mandiant, brought in by Snowflake, reported that about 165 Snowflake customers had significant volumes of data stolen. The breach has been attributed to a cybercriminal group known as UNC5537, believed to be financially motivated with members in North America and Turkey.
Some stolen data from other corporate victims of the Snowflake breach has appeared on cybercrime forums. However, AT&T stated that it does not believe its stolen data is publicly available at this time. The company is working with law enforcement to track down the cybercriminals involved, and at least one person has already been apprehended.
Previous Incidents
This breach is the second security incident AT&T has reported this year. Previously, the company had to reset account passcodes for millions of customers after encrypted passcodes were published on a cybercrime forum. This earlier incident prompted precautionary measures to protect customer accounts.
Conclusion
The massive data breach at AT&T underscores the increasing frequency and severity of cyberattacks targeting sensitive customer information. As the company continues to address the fallout from this incident, affected customers are advised to stay vigilant and follow the guidance provided by AT&T to protect their personal information.
More News: Tech News
