Tech
AT&T Corp. Data Breach Exposes 110 Million Customer Records
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people – nearly all of its customers. The telecom giant cited ‘national security and public safety concerns’ as the reason for delaying the disclosure of the incident. The exposed data, stored in a cloud database, included records of call and text interactions without personally identifiable information.
In a filing with the U.S. Securities and Exchange Commission, AT&T revealed that cyber intruders accessed customer records on a third-party cloud platform in April. The stolen data spanned interactions between May 1 and October 31, 2022, and on January 2, 2023. The company clarified that the breach did not compromise sensitive data like Social Security numbers or dates of birth.
According to AT&T, a segment of the stolen records contained details about the locations of cellular communication towers closest to subscribers. This information could potentially be leveraged to identify the approximate location of the devices involved in the calls or texts. Despite customer names not being included, AT&T acknowledged that it might be possible to link telephone numbers to specific individuals using publicly available tools.
The telecom company notified the FBI about the breach on April 19, but the disclosure to affected customers was delayed at the bureau’s request. In a statement, the FBI confirmed collaboration with AT&T and the Department of Justice during the investigative process to mitigate risks to national security and public safety.
Reports suggest that the breach is connected to over 160 customers of the cloud data provider Snowflake. Cybercriminals exploited stolen Snowflake credentials obtained from the dark web to gain unauthorized access. Companies like Advance Auto Parts, Allstate, and Ticketmaster faced similar data breaches due to weak security measures.
Mark Burnett, an application security expert, raised concerns about the breach’s implications, emphasizing the potential misuse of call and text metadata. The lack of stringent security measures has left sensitive customer data vulnerable to exploitation, prompting questions about the responsibility of corporations in safeguarding user information.