July 12, 2024 at 09:42AM
AT&T experienced a major data breach, with threat actors stealing call logs for nearly all mobile customers, involving around 109 million customers. The breach occurred in April 2024, compromising call and text records for a specific period. Although no sensitive personal information was exposed, potential identity correlation is a concern. AT&T is cooperating with law enforcement, implementing additional cybersecurity measures, and will notify affected customers. Notably, AT&T assures that the breached data has not been publicly disclosed. Additionally, the breach is not linked to a previous incident in 2021. The breach is attributed to recent data theft attacks, using compromised credentials to access AT&T’s Snowflake account. This aligns with a broader trend, where Snowflake customers have been targeted by threat actors. AT&T is now among a list of high-profile entities affected by these attacks.
Key takeaways from the meeting notes:
– AT&T experienced a significant data breach where threat actors stole call logs for approximately 109 million customers, taken from an online database on the company’s Snowflake account.
– The stolen data includes call and text records of nearly all AT&T mobile clients and customers of mobile virtual network operators (MVNOs) within specific timeframes in 2022 and 2023. It doesn’t contain sensitive personal information such as Social Security numbers or names, but it includes telephone numbers, call interactions, and aggregate call duration data, which can be used to derive customer identities in many cases.
– AT&T worked with cybersecurity experts and law enforcement, securing permission to delay public notification to analyze the data for sensitive call records and investigative purposes.
– The stolen data is not publicly available as of now, and AT&T states it’s working with law enforcement to apprehend those involved while implementing additional cybersecurity measures to prevent unauthorized access attempts in the future.
– Snowflake, the cloud-based database provider where the data was stolen from, has introduced mandatory multi-factor authentication (MFA) to protect against similar attacks.
AT&T is planning to notify impacted customers soon and has assured that the incident is not related to the 2021 data breach affecting 51 million customers.