The company said in a statement that "AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform" and that it had opened an investigation.
It added that the access point used by the hackers "has been secured" and that "based on information available to us...at least one person has been apprehended."
The data mainly comprised records of phone calls and text messages made between May 2022 and October 2022.
These are the phone numbers used by AT&T mobile subscribers, and also, in some cases, location data that could help malicious actors determine where calls were made and text messages sent.
But according to AT&T, the data downloaded by the hackers did not include the content of calls and messages, nor personal information such as names or social security numbers.
"At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved," the company added.
Although Snowflake is not mentioned in the statement, eyes have turned to this cloud platform, which sells data analytics services to large corporations and has recently suffered a wave of data thefts.
A source close to the case confirmed to AFP that the hackers had gained access to the AT&T records via Snowflake.
AT&T already suffered a major cyberattack in March, when the personal data of over 70 million current and former customers was leaked on the dark web.
This is a "second blow to the millions of customers who have already lost trust after having their private information exposed by the company earlier this year," said Darren Guccione, CEO and co-founder at Keeper Security.
Although this time the information is "less sensitive than that disclosed in the previous breach," Guccione recommended that those affected take steps to protect their identity, such as changing their AT&T account password and implementing multifactor authentication.
He further advised customers to monitor their bank accounts, sign up for a dark web monitoring services or freeze their credit "to prevent the approval of new loans or lines of credit" in their name.
The Department of Justice said that it was investigating the incident.
© 2024 AFP
Data of AT&T customers downloaded to third-party platform after security breach
An AT&T logo (Mark Lennihan/AP)
FRI, 12 JUL, 2024 -
MICHELLE CHAPMAN, ASSOCIATED PRESS
The data of nearly all customers of the telecommunications giant AT&T was downloaded to a third-party platform in a 2022 security breach, the company said on Friday, as cyberattacks against businesses, schools and health systems continue to spread globally.
The breach hit customers of AT&T’s mobile phone customers, customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers who interacted with those mobile numbers.
AT&T said that it does not believe the data is publicly available.
“The data does not contain the content of calls or texts, personal information such as social security numbers, dates of birth or other personally identifiable information,” AT&T said on Friday.
The compromised data also does not include some information typically seen in usage details, such as the time stamp of calls or texts, the company said, or customer names.
AT&T, however, said that there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.The data does not contain the content of calls or texts, personal information such as social security numbers, dates of birth or other personally identifiable information
An internal investigation determined that compromised data includes files containing AT&T records of calls and texts between May 1, 2022 and October 31, 2022.
AT&T has more than 100 million customers in the US and almost 2.5 million business accounts.
The company said on Friday that it has launched an investigation and engaged with cybersecurity experts to understand the nature and scope of the criminal breach.
Compromised data also includes records from January 2, 2023, for a very small number of customers.
The records identify the telephone numbers an AT&T or MVNO mobile number interacted with during these periods.
For a subset of records, one or more cell site identification number(s) associated with the interactions are also included.
The company continues to co-operate with law enforcement on the incident and that it understands that at least one person has been apprehended so far.
The year has already been marked by several major data breaches, including an earlier attack on AT&T.
In March AT&T said that a dataset found on the “dark web” contained information such as social security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.
Some car dealerships are still using pens and paper to close deals after back-to-back cyberattacks last month on a company that supplies them with software.
That company, CDK Global, is still attempting to re-establish normal operations.
Cybersecurity experts are warning that hospital systems around the US, which have already been targeted, are at risk for more attacks and that the government is doing too little to prevent breaches.
