A significant hack revealed the call and text histories of almost all AT&T mobile subscribers.
In mid-to late-2022, a large data breach exposed the phone calls and cellphone messages information of many millions of AT&T mobile subscribers as well as numerous non-AT&T customers, the telecom company said on Friday.
AT&T stated that messages and phone calls were not included in the compromised data. It is not yet thought that the leaked data is accessible to the general public. When the corporation discovered a "illegal upload" on a third-party cloud-based system in April, it was already dealing with a significant data leak that had nothing to do with it.
The phone numbers of "nearly all" of AT&T's cellular subscribers as well as those of wireless providers who utilise its network from May 1, 2022 and the end of the decade are among the exposed data, according to the company. Every number that AT&T customers, including those from other wireless networks, called or texted, as well as the frequency of their interactions and the length of each call, are all documented in the pilfered logs. According to AT&T, a "very small number" of users' records from the beginning of 2023 were likewise connected. The corporation claims that the contents of the texts and calls were kept private.
By the end of 2022, AT&T had around 110 million wireless customers. With a handful of calls to Canada, AT&T claimed that no foreign calls were contained in the stolen data.
Customers of AT&T landlines who communicated with those telephone numbers were also affected by the hack. Although AT&T claimed that no customer names were revealed in this instance, it did admit that names and phone numbers can frequently be connected using publicly accessible methods. Furthermore, AT&T reported that any number of cell site serial numbers associated with the calls and messages were also released for an unspecified fraction of its records. One or more parties' general geographic location may be revealed by such data.
In a statement, AT&T stated, "At this period, we are not convinced that the information in question is publicly available." "We deeply apologise for the incident that happened, and we're still committed to safeguarding the data under our control." AT&T committed to informing affected customers, both past and present, and offering them tools to safeguard their data. Despite the fact that phone and text records were revealed by the hack, AT&T insisted that the records did not include any personal information, such as SSA numbers, dates of birth, or other personally identifying data, nor did they include any details of the calls or texts. Not only that, but usage information like the timing of text messages and phone conversations was also secure.
A "threat actor purported to have illegally obtained and duplicated AT&T call logs," according to AT&T, which it discovered on April 19. The business claimed to have "immediately" employed specialists, and an inquiry that followed revealed that throughout April 14 as well as April 25, hackers had exfiltrated material. According to the corporation, the US Bureau of Justice decided in May and June that there was good reason to postpone making the information public. AT&T contacted the FBI soon after they discovered the intrusion, according to the FBI, but they needed to examine the information for any possible threats to national security.
"All parties considered delaying public reporting while evaluating the extent of the breach... because of possible threats to public safety and/or national security," the FBI stated in a statement. "During the first and second postponement processes, AT&T, the FBI, and the DOJ collaborated while exchanging critical threat intelligence to support FBI investigative capabilities and support AT&T's incident response activities." Following the news, premarket trading saw a 2% decline in AT&T shares.
According to AT&T spokesman Alex Byers, there is "no connection in any way" between the latest event and one that was reported in March. AT&T said at the time that 73 million current and past customers' Social Security numbers and other sensitive information had been leaked onto the dark web. Regarding the latest issue, AT&T said that it discovered in April that customer information had been unlawfully taken from its workspace on the third-party cloud platform Snowflake.
In a subsequent statement, Snowflake's chief information security officer, Brad Jones, stated that the business has not discovered any proof that this behaviour was "caused by a security hole, incorrect setup, or breach of Snowflake's platform." According to Jones, this has been confirmed by inquiries conducted by independent hackers at the researcher and CrowdStroke. According to AT&T, it closed the "illegal access point," engaged cybersecurity specialists, and started an inquiry.
