AT&T data breach: Phone records of 'nearly all' customers stolen
US telecommunications giant AT&T has confirmed a fresh data breach affecting "nearly all" of its customers. The breach has allowed cybercriminals to steal phone records, including numbers of cellular/landline customers, and call/text message records from May 1 to October 31, 2022. Some stolen data also includes records from January 2, 2023. This is the second security incident disclosed by AT&T this year, following a previous incident where customer account information was published on a cybercrime forum.
Breach affects customers of other carriers too
AT&T says the stolen data "does not contain the content of calls or texts," but includes calling and texting records, that an AT&T phone number interacted with during the six months. The stolen data does not reveal the time or date of calls or texts but includes metadata such as the total count and duration of calls and texts. The breach has also impacted customers of other cell carriers that use AT&T's network.
AT&T to notify 110 million customers
AT&T plans to notify approximately 110 million customers about the data leak, company spokesperson Andrea Huguely told TechCrunch. The company has also launched a website with information about the incident, and disclosed the breach in a filing with regulators. The breach has been linked to cloud data giant Snowflake and was discovered by AT&T on April 19, unrelated to an earlier security incident in March.
Snowflake blames customers for data breach
Snowflake permits its corporate customers, such as telecom operators and tech companies, to analyze extensive customer data in the cloud. The reason for AT&T storing customer data in Snowflake remains unclear. AT&T joins a growing list of companies confirming data breaches from Snowflake in recent weeks. Snowflake attributed the data thefts to its customers for not using multi-factor authentication, a security feature it did not enforce or require.
AT&T collaborates with law enforcement, one arrest made
AT&T is collaborating with law enforcement to apprehend the cybercriminals involved in the breach, and has confirmed that "at least one person has been apprehended." The individual arrested was not an AT&T employee. Further inquiries about the alleged criminals have been directed to the Federal Bureau of Investigation (FBI). AT&T claims that it does not believe the stolen data is publicly available at this time.