The US Senate is demanding answers from AT&T following a significant data breach earlier this year that exposed the phone records of nearly all its customers. The breach has raised serious concerns about AT&T’s cybersecurity practices and its use of third-party cloud services.
In letters sent to AT&T CEO John Stankey and Snowflake CEO Sridhar Ramaswamy, Senators Richard Blumenthal (D-CT) and Josh Hawley (R-MO) highlighted that the breach was likely preventable. The stolen data included phone numbers, call and text message records, and location-related information, accessed from AT&T’s Snowflake environment.
Blumenthal and Hawley pointed out that the attackers used stolen login credentials obtained through malware infections. The credentials belonged to Snowflake accounts, which lacked two-factor authentication (2FA). This security lapse allowed the cybercriminals to access and steal a vast amount of data.
“Disturbingly, the AT&T breach appears to have been easily preventable,” write the senators. They criticize the basic cybersecurity errors that compounded the situation, such as the use of the same passwords for years and the absence of firewalls and multi-factor authentication. These lapses indicate “gross negligence” given the sensitivity of the stolen data.
The senators are particularly concerned about the potential misuse of the stolen data. “AT&T customers, including businesses and government entities, should be deeply concerned about this theft of private information about their communications.” The stolen information, even without names and addresses, could be pieced together using publicly available tools to track individuals’ activities and locations.
AT&T’s response to the breach has also come under scrutiny. The company delayed notifying affected customers at the request of federal investigators, citing potential risks to national security and public safety. However, this delay has not eased concerns about the broader implications of the breach.
Blumenthal and Hawley are seeking detailed explanations from AT&T on several points:
- How the hackers initially gained access to the Snowflake services and whether contractors were involved.
- A timeline of the breach, including discovery, response, and remediation.
- Details on the types of data stolen and how it affects customer privacy.
- Notifications and support for affected customers, including those of mobile virtual network operators (MVNOs) that use AT&T’s network.
- The reasons for retaining extensive records of customer communications and uploading them to a third-party analytics platform.
- The timing and reasoning behind the delay in public notification.
The senators’ inquiries reflect broader concerns about corporate data security practices. Despite the repeated occurrence of such breaches, companies continue to store sensitive customer data with minimal security protections.
The breach is part of a series of data thefts targeting Snowflake customers, including other major companies like Ticketmaster, Advance Auto Parts, and Ticketek. These incidents highlight vulnerabilities in cloud services used for data storage and analysis.
AT&T has stated that it does not believe the stolen data is publicly available, but the potential for misuse remains high. The hacker involved, a member of the ShinyHunters group, has a history of leaking data and demanding ransoms. Although the hacker claims to have deleted the data after receiving a $370,000 payment from AT&T, there are concerns that excerpts of the data may still be in circulation and could be sold to criminals and foreign entities.