AT&T disclosed a security breach of call and text data that impacts nearly all of its 100 million+ customers.
“In April, AT&T learned that customer data was illegally downloaded from our workspace on a third-party cloud platform. We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity,” AT&T stated Friday.
“Based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 – October 31, 2022,” the company continued.
“The compromised data also includes records from January 2, 2023, for a very small number of customers. The records identify the telephone numbers an AT&T or MVNO cellular number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions are also included,” the statement added.
AT&T Reveals Hackers Stole "Nearly All" Records Of Customer Calls, Texts https://t.co/Ihv2BSAsAl
— zerohedge (@zerohedge) July 12, 2024
Zero Hedge reports:
According to a Bloomberg report, the third-party cloud platform that the hackers accessed to steal the data is Snowflake.
In markets, AT&T shares fell 3%, while Snowflake shares dropped 5%.
AT&T does not believe the data has been leaked on the dark web yet. Bloomberg pointed out:
While much remains unknown about the breach, it has the potential — if the data is released — to be devastating for some customers. That includes anyone who doesn’t want others knowing who they are calling, such as politicians, executives, activists, journalists and their sources.
We reported on March 31 that the personal data of 73 million AT&T accounts were leaked onto the dark web. Much of the data appeared to be from 2019 or earlier.
JUST IN – "Nearly all" of AT&T's over 110 million customers' call and text interactions exposed in "hack." — CNN
— Disclose.tv (@disclosetv) July 12, 2024
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts,” AT&T stated.
“Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care,” the company added.
From The Hill:
Sen. Ron Wyden (D-Ore.) called on the Federal Communications Commission (FCC) to hold phone carriers accountable for their “negligence” in the wake of the massive security breach.
“This is not the first data breach revealed by a major phone company and it won’t be the last,” Wyden said in a statement. “These hacks, which are almost always the result of inadequate cybersecurity, won’t end until the FCC starts holding the carriers accountable for their negligence. These companies will keep shortchanging customer security until it hits them in the wallet with billion dollar fines.”
WATCH:
BREAKING – MASSIVE: AT&T Announces Massive Data Breach Affecting Over 100 Million Customers, Virtually All Of Their Customers, Exposing Their Text Messages, Pictures They Send To Love Ones, Secrets They Share, Videos. WATCH pic.twitter.com/ff9PKUJLR2
— Simon Ateba (@simonateba) July 12, 2024
Read the full filing HERE.
Source link