In a recent announcement, AT&T disclosed that hackers managed to steal call and message data from nearly all of its customers over a six-month period in 2022, affecting approximately 90 million people. The breach involved the illegal download of AT&T customer data from a third-party cloud platform. The company assured that the access point used by the hackers has since been secured and that at least one individual has been apprehended in connection with the incident.
The data compromised in the breach primarily consisted of records of phone calls and text messages exchanged between May 2022 and October 2022. This information included the phone numbers associated with AT&T mobile subscribers, as well as some location data that could potentially be exploited by malicious actors to determine the origin of calls and text messages. However, AT&T clarified that the content of the calls and messages, as well as personal details like names and social security numbers, were not included in the data breach.
Potential Implications
While AT&T emphasized that the stolen data is not believed to be publicly accessible at this time, concerns remain about the potential misuse of the compromised information. Although the company did not explicitly name Snowflake in its statement, speculation has arisen linking this cloud platform to the breach. This development is particularly alarming given Snowflake’s recent history of data theft incidents involving large corporations.
The data breach marks the second significant cybersecurity incident for AT&T this year, following a previous breach that exposed the personal information of over 70 million customers. In response to the latest breach, Darren Guccione, CEO of Keeper Security, urged affected individuals to take proactive measures to safeguard their identity. Recommendations include changing AT&T account passwords and implementing multifactor authentication to enhance security measures.
The Department of Justice has initiated an investigation into the data breach to identify the perpetrators and assess the extent of the security breach. This regulatory involvement underscores the seriousness of the incident and highlights the importance of holding accountable those responsible for compromising customer data.
Leave a Reply