News
The breach, which occurred in 2022, could affect tens of millions of customers
Today, a regulatory filing from AT&T has revealed a major data breach that occurred in 2022, with hackers able to access call and text message records of “nearly all” of the operator’s wireless customers.
The data was reportedly compromised between April 14 and April 25, 2022, as well as a single day in January 2023.
The breach exposed call and text records, though AT&T says this does not include the content of those calls or texts.
Personal information, such as names or social security numbers, was not accessible by the hackers.
“At this time, we do not believe that the data is publicly available,” AT&T said in a statement. “We sincerely regret this incident occurred and remain committed to protecting the information in our care.”
According to AT&T, the breach impacted “nearly all” of the company’s roughly 100 million wireless customers, as well as those of mobile virtual network operators that provide services to customers using AT&T’s network. A number of AT&T’s landline customers who interacted with affected mobile numbers between May and October 2022 may also have been impacted.
Investigations into the breaches began on April 19, when AT&T says a “threat actor claimed to have unlawfully accessed and copied AT&T call logs.”
AT&T says its delay in informing customers of the data breach relates to instructions from the US Department of Justice, who told the operator in May and June that a delay in public disclosure was “warranted”. No further information was given about the delay.
Exactly how the breach occurred remains unclear, though AT&T reportedly told CNN that customer data was illegally downloaded from its workspace on Snowflake, a third-party cloud platform.
Snowflake rejects this claim, with the company’s chief information and security officer saying no evidence has been found that the breach was caused by a vulnerability, misconfiguration or breach of Snowflake’s platform”.
AT&T is working with police to find those responsible for the breach, with one person reportedly apprehended in connection to the investigation.
Keep up to date with all of the latest telecoms news with Total Telecom’s daily newsletter! Sign up here
Also in the news:
Australian Government and AWS Collaborate to Strengthen country’s Cybersecurity
Solving congestion challenges in FTTP deployment
Vodafone Invests £120m in AI Chatbot ‘SuperTOBi’