Thursday, 31 October 2024

Major U.S. Cellphone Provider Hit With Massive Data Breach, “Nearly All” Customers Impacted


AT&T disclosed a security breach of call and text data that impacts nearly all of its 100 million+ customers.

“In April, AT&T learned that customer data was illegally downloaded from our workspace on a third-party cloud platform. We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity,” AT&T stated Friday.

“Based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 – October 31, 2022,” the company continued.

“The compromised data also includes records from January 2, 2023, for a very small number of customers. The records identify the telephone numbers an AT&T or MVNO cellular number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions are also included,” the statement added.

Zero Hedge reports:

According to a Bloomberg report, the third-party cloud platform that the hackers accessed to steal the data is Snowflake.

In markets, AT&T shares fell 3%, while Snowflake shares dropped 5%.

AT&T does not believe the data has been leaked on the dark web yet. Bloomberg pointed out:

While much remains unknown about the breach, it has the potential — if the data is released — to be devastating for some customers. That includes anyone who doesn’t want others knowing who they are calling, such as politicians, executives, activists, journalists and their sources.

We reported on March 31 that the personal data of 73 million AT&T accounts were leaked onto the dark web. Much of the data appeared to be from 2019 or earlier.

“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts,” AT&T stated.

“Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care,” the company added.

From The Hill:

Sen. Ron Wyden (D-Ore.) called on the Federal Communications Commission (FCC) to hold phone carriers accountable for their “negligence” in the wake of the massive security breach.

“This is not the first data breach revealed by a major phone company and it won’t be the last,” Wyden said in a statement. “These hacks, which are almost always the result of inadequate cybersecurity, won’t end until the FCC starts holding the carriers accountable for their negligence. These companies will keep shortchanging customer security until it hits them in the wallet with billion dollar fines.”

WATCH:

Read the full filing HERE.


Source link