AT&T has disclosed that cybercriminals have stolen data related to “nearly all” of its wireless customers. The stolen data includes phone numbers, call and text records, and location-related information, although it does not contain the content of calls or texts.
In its SEC filing, the company says that “threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024”
AT&T says that the breach compromised phone records for six months between May 1, 2022, and October 31, 2022. This includes call logs for AT&T’s cellular and landline customers and customers of other carriers using AT&T’s network. Furthermore, records from January 2, 2023, were also affected for a smaller, unspecified group of customers.
The stolen data, often called metadata, encompasses the phone numbers in the communications, the total count of calls and texts, and call durations. Notably, some records include cell site identification numbers, which can approximate the location from which a call or text was made, adding a layer of privacy concern for the affected customers. However, AT&T clarified that the data does not include call or text timestamps.
AT&T is set to notify around 110 million customers about the breach. According to AT&T spokesperson Andrea Huguely, who spoke about the matter with TechCrunch, the company is cooperating with law enforcement to pursue the cybercriminals involved, and at least one individual has already been apprehended. The arrested suspect is not an AT&T employee, and the FBI is involved in the investigation.
The breach has been linked to Snowflake, a cloud data giant AT&T uses to store and analyze customer data. Snowflake has faced a series of data thefts recently, affecting numerous companies including Ticketmaster, Advance Auto Parts, and Ticketek.
Snowflake has maintained that the breaches were not due to vulnerabilities or misconfigurations within its platform. Instead, it pointed to its customers’ failure to implement necessary security features. This sentiment was echoed by cybersecurity firm Mandiant, which Snowflake called in to help with the investigation and customer notifications.
On its data breach disclosure page, AT&T highlighted that the company has taken immediate action to secure the compromised accounts and is working closely with cybersecurity experts to prevent future incidents. This breach is particularly concerning as it follows another major incident in March, in which the personal information of millions of AT&T customers, including encrypted passcodes, was leaked.