AT&T data breach includes records of ‘nearly all’ cell customers

12 Jul 2024

Image: Mike Mozart/Flickr (CC BY 2.0)

An AT&T spokesperson said roughly 110m customers will be notified about the breach and that the data was stolen from cloud data giant Snowflake, which has been linked to multiple high-profile breaches this year.

US telecoms giant AT&T has suffered a massive data breach that exposed the calls and texts of nearly all of its cellular customers.

The company said it learned in April that customer data was illegally downloaded from its workspace on a “third-party cloud platform”. AT&T has launched an investigation and is working with law enforcement on the breach – it also claims that at least one person has been apprehended.

A company spokesperson told TechCrunch that it will notify around 110m customers about the data breach.

“We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity,” AT&T said in a statement. “We have taken steps to close off the illegal access point.”

The compromised data includes records of calls and texts for “nearly all” of AT&T’s cellular customers. It also includes data from customers of mobile virtual network operators using AT&T’s wireless network and landline customers who interacted with the exposed cellular numbers between 1 May and 31 October 2022.

“The data does not contain the content of calls or texts, personal information such as social security numbers, dates of birth or other personally identifiable information,” the company said. “While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”

Linked to Snowflake

An AT&T spokesperson also told TechCrunch that the customer data was stolen from the cloud data giant Snowflake. Various high-profile companies that use Snowflake’s services have been targeted in recent months by cyberattackers.

The victims of this campaign include Ticketmaster, which suffered a massive data breach that saw the data of 560m accounts go up for sale on the dark web. Snowflake previously investigated the wave of breaches with the support of cybersecurity companies – including Google-owned Mandiant.

The investigation reported that “approximately 165 potentially exposed organisations” had been notified about the threat.

Jason Soroko, SVP of product management at Sectigo, said companies using Snowflake should immediately implement multifactor authentication (MFA) to enhance their security and protect sensitive data.

“MFA provides an additional layer of defence against unauthorised access, significantly reducing the risk of breaches,” Soroko said. “This is true not just for Snowflake, but for anyone using a third-party service via an authenticated session, that authentication needs to be using a credential stronger than just username and password.”


Leigh Mc Gowran is a journalist with Silicon Republic