July 12, 2024 at 10:17AM
AT&T suffered its second cyberattack this year, with data on “nearly all” wireless customers being compromised, including customers of MVNOs on its network. The breach on a third-party cloud platform exposed call and text metadata, potentially enabling customer geolocation. Around 110 million customers were affected, and the incident is linked to the Snowflake data breach. A suspect has been arrested, and AT&T stressed that this incident and the earlier one this year are unrelated.
AT&T suffered a second cyberattack this year resulting in the theft of data belonging to nearly all AT&T wireless customers, as well as those served by mobile virtual network operators running on AT&T’s network.
The breach occurred at a third-party cloud platform and led to the theft of call and text metadata of approximately 110 million customers. While no personal information was compromised, the theft included cell tower identification numbers, potentially exposing some customers to geolocation-based risks.
AT&T stated that it does not believe the stolen customer data has been published online and that at least one person has been arrested by the FBI in connection with the theft of its records. The FBI confirmed its collaboration with AT&T on the matter.
The breach at the third-party cloud platform is linked to the digital break-ins at Snowflake, which affected approximately 165 companies and from which recovery is ongoing. Security researchers at Mandiant believe that affected Snowflake customers did not have multifactor authentication enabled on their accounts.
It was not clarified whether AT&T had forgotten to enable multifactor authentication on its Snowflake account.
In March, AT&T reported a separate customer data exposure, unrelated to the recent incident. Despite the telco’s claim that the two incidents are unrelated and that the data stolen in the previous attack didn’t originate from its systems, it is facing the challenge of addressing multiple high-profile breaches.