AT&T today revealed that data for “nearly all” of its customers from May 1, 2022, through October 31, 2022, and January 2, 2023, was leaked to a third-party platform in April 2024. Customers whose data was exposed will be notified. AT&T said the access point through which the cyberattack was carried out has been secured and the data is no longer available.
The threat actor accessed phone numbers and call durations
According to AT&T, the threat actor accessed phone call and text message records, including the phone numbers customers interacted with and, in some cases, cell site identification numbers. The breach affected both landline and cellular customers.
Attackers could see “the count of those calls or texts and the total duration of calls for specific days or months,” AT&T said in an advisory to customers, but not the content of those calls or texts. Personally identifying information like Social Security numbers or birth dates was also not included. However, the company noted that threat actors could use phone numbers to find the names of people who use them.
AT&T detected the attack in April
AT&T first learned of the attack on April 19 after “a threat actor claimed” to have accessed the data, according to AT&T’s SEC filing on the incident.
SEE: On July 4, another cyberattack compromised nearly ten billion online account passwords.
According to The Verge, the threat actor accessed the data through Snowflake, the data storage platform that was also used in a cyberattack in June.
One person has been arrested by police in connection with the cyberattack, AT&T said in the notice.
AT&T disclosed the security breach to the SEC using the relatively new Form 8-K. Implemented in December 2023, the SEC requires publicly traded organizations that experience a cyber incident to report the incident using this form if it is a “material” incident. As part of that disclosure, AT&T predicted that the April cyberattack was not “reasonably likely to materially affect AT&T’s financial condition or results of operations.”
On May 31, 2024, AT&T revealed that the passwords of 7.6 million customers had been compromised in a data breach. The two attacks do not appear to be related.
How to manually check if your data was affected
AT&T customers who manage business accounts can check if their data was affected in myAT&T or the Premier business plan portal. All customers, including business accounts and former customers, can see exactly what information was exposed about their phone number through a variety of options AT&T presents on its support page.
What business leaders can learn from the AT&T hack
A major data breach like this is a good reminder for businesses to be aware of the risks to their third-party vendors and supply chains. Business leaders should also consider security tools such as endpoint detection and response or security information and event management, and have a backup and recovery plan in place in case their data is stolen.
TechRepublic has reached out to AT&T for further information.
