AT&T Discloses Massive Data Breach Exposing Phone Records of Almost All Customers to Criminals
In a recent development, AT&T has confirmed that it will begin notifying millions of its customers about a fresh data breach. The breach allowed cybercriminals to steal the phone records of nearly all of its customers.
Stolen Data Contains Phone Numbers and Call Records
According to AT&T, the stolen data contains phone numbers of both cellular and landline customers. It also includes AT&T records of calls and text messages made during a six-month period between May 1, 2022, and October 31, 2022.
Some Recent Data Included in Stolen Records
The company has stated that some of the stolen data includes more recent records from January 2, 2023, for a smaller but unspecified number of customers. This suggests that the breach may have continued beyond the initially reported six-month period.
Call and Text Metadata Included
AT&T clarified that the stolen data does not contain the content of calls or texts. However, it includes calling and texting records that an AT&T phone number interacted with during the specified period. Additionally, the metadata includes:
- The total count of a customer’s calls and texts
- Call durations
- Cell site identification numbers associated with phone calls and text messages
This information can be used to determine the approximate location of where a call was made or text message sent.
Notification Process for Affected Customers
In all, AT&T said it will notify around 110 million customers about the data breach. The company has published a website with information for customers about the data incident. AT&T has also disclosed the breach in a filing with regulators before the market opened on Friday.
Link to Snowflake Data Breach
AT&T stated that it learned of the data breach on April 19, and it was unrelated to its earlier security incident in March. The company’s spokesperson, Andrea Huguely, told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake’s customers.
Snowflake Blamed for Lack of Multi-Factor Authentication
Snowflake allows its corporate customers to analyze huge amounts of customer data in the cloud. However, it has been criticized for not enforcing or requiring multi-factor authentication to secure their accounts. This lack of security led to multiple data breaches, including one affecting AT&T.
Recent Victims of Snowflake Data Breach
AT&T is not the only company affected by the Snowflake breach. Other victims include:
- mSpy spyware customers
- Evolve Bank and Trust’s customers
- OpenAI
What Does This Mean for You?
The data breach may have significant implications for AT&T customers, particularly in terms of their personal security and data protection.
AT&T’s Response to the Breach
AT&T has taken steps to protect customer accounts by taking precautionary action after a security researcher warned that encrypted passcodes published on a cybercrime forum could be easily decrypted. This incident highlights the ongoing threat of data breaches and emphasizes the importance of robust security measures in protecting sensitive information.
Conclusion
The recent data breach affecting AT&T customers serves as a reminder of the ever-present threat of cyberattacks. As technology continues to evolve, so do the tactics used by hackers to exploit vulnerabilities in systems and steal sensitive information. It is essential for companies like AT&T to prioritize data security and take proactive measures to prevent such breaches.
Related News
