A significant data breach at AT&T has exposed the call and text interaction records of nearly all its wireless customers, and the incident has been linked to recent attacks targeting Snowflake customers. AT&T announced on Friday that almost all its wireless subscribers were affected by a hack that occurred between April 14 and April 25, 2024. During this period, a hacker exfiltrated files containing records of customer calls and texts made between May 1 and October 31, 2022, as well as on January 2, 2023.
In an SEC filing, AT&T disclosed that the stolen data does not include the content of calls or texts, Social Security numbers, dates of birth, or other personally identifiable information. However, it does contain records of calls and texts, identifying the telephone numbers involved, the frequency of interactions, and the aggregate call duration for specific periods. For some records, cell site identification numbers are also included.
The company emphasized that while customer names were not included, it is possible to find names associated with specific telephone numbers using publicly available online tools. Thomas Richards, principal consultant at Synopsys Software Integrity Group, noted, “While the exposed information doesn’t directly contain sensitive details, it can be used to piece together who may be calling whom. This could impact people’s private lives as private calls and connections could be exposed.”
Tony Anscombe, Chief Security Evangelist for ESET, warned, “Using public search or data from other breaches available on the dark web, it’s possible to link phone numbers to people and email addresses. This could lead to targeted attacks using the information gained from the AT&T breach.” Anscombe advised caution, saying, “If you receive a message claiming to be from a contact you frequently call or text with a ‘new number,’ confirm the change by calling the number you have or emailing them before interacting. The issue now involves the context it adds to other breached data, enabling cybercriminals to profile individuals for spear-phishing and potential identity theft.”
Despite reporting the incident to the SEC, AT&T stated that the breach “has not had a material impact on AT&T’s operations” and is not expected to “materially impact AT&T’s financial condition or results of operations.” AT&T, with roughly 115 million wireless customers, revealed that customer data was “illegally downloaded from our workspace on a third-party cloud platform.” Although the company did not name the platform, multiple sources linked the breach to a series of data thefts from the Snowflake platform, where attackers compromised hundreds of instances using stolen customer credentials.
In June, Mandiant reported that a financially motivated threat actor, tracked as UNC5537, had compromised hundreds of Snowflake instances using credentials stolen via infostealer malware that infected non-Snowflake-owned systems. AT&T believes the stolen data is not currently publicly available and confirmed that at least one person has been apprehended.
Other potential victims in the Snowflake attack campaign include Ticketmaster, Santander Bank, Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, and State Farm.