AT&T Inc. Faces Massive Data Breach Affecting Mobile Users
AT&T Inc. recently suffered a significant data breach impacting the records of calls and texts for nearly all its mobile-phone users over a six-month period in 2022. This event stands as one of the most substantial breaches of private communications data in recent history. The breach, which remained undisclosed until a regulatory filing on Friday, also affected records of customers from wireless service providers utilizing AT&T's network between May 1, 2022, and October 31, 2022.
In April, AT&T discovered that the data had been illegally downloaded from a workspace on a third-party cloud platform, identified as Snowflake Inc. The compromised information does not include call and message contents, personal details like birth dates and Social Security numbers, or the timings of the calls. Nevertheless, the records pinpoint the telephone numbers contacted by AT&T or MVNO cellular numbers during the stated periods. Despite the absence of customer names, there are online tools that can link these numbers to individual identities, raising concerns about potential misuse of the data.
This breach poses a severe risk, especially for individuals who require confidentiality in their communications, such as politicians, executives, activists, and journalists. The potential release of this data might be devastating for some users. At present, AT&T does not believe the compromised information has been publicly released.
Previous Breach and Investigation Efforts
In early April, it was reported that personal data from approximately 73 million current and former AT&T customers had been leaked on the dark web. This information primarily pertained to 2019 and earlier and was unconnected to the breach reported on Friday. The latest breach prompted an immediate investigation involving cybersecurity experts to seal off the illegal access point. AT&T has been collaborating with law enforcement and believes they have apprehended at least one individual implicated in the incident.
Snowflake Inc. Targeted by Hackers
In a related development last month, Snowflake revealed that hackers had targeted its customers using stolen login credentials. These credentials were acquired from sources like cybercriminal forums and used to infiltrate the accounts of up to 165 Snowflake customers. Victims included prominent companies such as Lending Tree, Advanced Auto Parts Inc., Pure Storage Inc., and Ticketmaster. The hackers did not breach Snowflake directly but exploited weak security measures, like the absence of multifactor authentication, to access these accounts.
AT&T's ongoing efforts include closing the security gaps and ensuring the incident's responsible parties are held accountable. The company continues to work closely with law enforcement agencies to mitigate any further risks.