In a startling revelation, AT&T has disclosed a significant data breach involving the exposure of call and text message records belonging to tens of millions of its cellphone customers from mid-to-late 2022. The breach, linked to an “illegal download” from its workspace on the Snowflake platform, was first detected in April, coinciding with another unrelated data leak incident the company was managing at the time.
The compromised data includes telephone numbers for nearly all AT&T cellular customers and users of wireless providers utilizing its network between May 1, 2022, and October 31, 2022. Additionally, records from a small subset of customers on January 2, 2023, were also impacted. While the breach did not expose the content of calls or texts, AT&T emphasized that personal details such as Social Security numbers and dates of birth were not compromised.
AT&T reassured customers that names associated with phone numbers were not directly exposed in this incident. However, the company acknowledged the potential for malicious actors to use publicly available tools to link names with specific phone numbers from the breached data. Despite this concern, AT&T stated that it currently does not believe the breached data is publicly accessible.
Promptly upon discovering the breach on April 19, AT&T initiated an investigation and engaged cybersecurity experts to mitigate the incident. The company swiftly closed the unauthorized access point and has been collaborating closely with law enforcement agencies. As a result of these efforts, AT&T confirmed that at least one individual has been apprehended in connection with the breach.
AT&T continues to monitor the situation closely and has committed to notifying both current and former customers whose information was compromised. The company is offering resources and support to affected individuals to help safeguard their personal information and mitigate potential risks arising from the breach.
Reference:
