AT&T cell, text records exposed in massive breach

  • Data from nearly all of AT&T’s wireless customers was compromised
  • AT&T doesn’t believe the data was made publicly available
  • Data hacks involving cellular operators appear all too common these days

Records of cell phone calls and texts from nearly all of AT&T’s cellular customers – and customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network – in 2022 were hacked, the operator disclosed Friday.

The company said it’s been working with law enforcement in efforts to arrest those involved and signs point to at least one person being arrested.

Besides cell phone subscribers, the compromised data includes landline customers who interacted with cellular customer numbers between May 1, 2022, and October 1, 2022. Data from January 2, 2023, also was compromised for a smaller number of customers.

AT&T said the records identify the telephone numbers an AT&T or MVNO number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions also were included.

Fortunately, the compromised data doesn’t contain the content of calls/texts or personal information such as Social Security numbers, dates of birth or other personally identifiable information.

However, while the data doesn’t include customer names, AT&T noted that there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.

As of now, AT&T doesn’t believe that the data was made publicly available.

AT&T said it’s reaching out via email or mail to let all affected customers know about the breach.

Snowflake implicated

An AT&T spokesperson said the incident was limited to an AT&T workspace on Snowflake’s cloud platform.

“Like most companies that deal with large amounts of data, AT&T often uses specialized and trusted cloud services platforms for various functions. These platforms enable companies to work with large amounts of data in a centralized place. In this case, AT&T had put a copy of the data on the third-party platform for analysis related to our business,” the AT&T spokesperson explained.  

Brad Jones, chief information security officer at Snowflake, said in a statement provided to Fierce that the company has not identified evidence suggesting the activity was caused by “a vulnerability, misconfiguration, or breach of Snowflake’s platform.”

That also has been verified following investigations with third-party cybersecurity experts at Mandiant and CrowdStrike, according to Jones.

Delayed public reporting

Why are we just hearing about this now?

AT&T said it learned on April 19, 2024, that a threat actor claimed to have unlawfully accessed and copied AT&T call logs. The company immediately activated its incident response process to investigate.

According to AT&T’s SEC filing, it contacted the U.S. Department of Justice (DoJ), which determined in May and June that a delay in providing public disclosure was warranted.

In a statement provided to Fierce, the FBI said that in assessing the nature of the breach, they discussed a potential delay in public reporting “due to potential risks to national security and/or public safety.”

“AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work,” the FBI said. “The FBI prioritizes assistance to victims of cyber-attacks, encourages organizations to establish a relationship with their local FBI field office in advance of a cyber incident, and to contact the FBI early in the event of breach.”

AT&T’s data breach is the latest in a series to hit the telecom sector. AT&T earlier this year reported a data leak affecting 73 million customers.

T-Mobile has seen its share of data breaches, reaching a $500 million settlement in 2022 – but that certainly wasn’t the last of them. Dish Network was the target of a cyberattack last year.