AT&T has confirmed a data breach impacting almost all of its wireless customers.
AT&T has confirmed that hackers gained unauthorized access to data belonging to almost all of its wireless customers and customers of mobile virtual network operators (MVNOs) using AT&T’s network.
The breach occurred when threat actors accessed an AT&T workspace on a third-party cloud platform between April 14 and April 25, 2024. During this time, they extracted files containing records of customer call and text interactions from May 1 to October 31, 2022, and on January 2, 2023. The compromised data includes phone numbers that interacted with AT&T or MVNO wireless numbers, counts of interactions, and aggregate call duration. Some records also contained cell site identification numbers, potentially allowing the hackers to approximate customer locations at the time of calls or texts. AT&T plans to notify affected current and former customers.
Cybersecurity experts, including Jake Williams from IANS Research, highlight that stolen call data records (CDRs) are valuable for intelligence analysis as they reveal communication patterns. The breach is connected to other incidents affecting companies like Ticketmaster and Santander, all linked to the same third-party cloud provider, although the provider’s name has not been disclosed by AT&T.
AT&T discovered the breach on April 19, 2024, and promptly initiated response measures, including cooperation with law enforcement efforts leading to the apprehension of at least one individual involved. The accessed data does not include the content of calls or texts nor sensitive personal information like Social Security numbers or dates of birth. However, AT&T advises vigilance against potential phishing and fraud attempts and allows customers to request details of their affected calls and texts.
The cyber campaign against the cloud provider Snowflake, related to this breach, has impacted numerous companies, with demands for payment in exchange for stolen data. Snowflake has implemented enhanced security measures, including mandatory multi-factor authentication, to mitigate further risks.
