AT&T Data Breach Exposes Call and Text Records for Millions

AT&T Corp. revealed today that a massive data breach has impacted approximately 110 million individuals, exposing phone call and text message records for a majority of its customers. The breach, which occurred on a third-party cloud platform, allowed cyber intruders to access and download customer call and text interactions between specific dates. While the stolen data did not include personally identifiable information such as Social Security numbers or dates of birth, it did contain data that could be used to determine the approximate location of the customer device.

AT&T indicated that the data breach was detected in April, but disclosure was delayed following a request from federal investigators who expressed concerns over national security and public safety. The FBI confirmed its collaboration with AT&T and the Department of Justice in handling the incident and shared key threat intelligence to aid in the investigation.

The stolen customer records were reportedly obtained as part of a larger breach involving over 160 customers of the cloud data provider Snowflake. Other notable companies affected by the Snowflake breach include Advance Auto Parts, Allstate, Anheuser-Busch, and Ticketmaster, among others.

Security expert Mark Burnett highlighted the concern surrounding the stolen call and text records, emphasizing the potential misuse of metadata identifying communication patterns without timestamps or names. The incident raises questions about data protection practices and the need for improved security measures to safeguard customer information.

In response to the breach, AT&T is working to address the security vulnerabilities that led to the unauthorized access of customer data. The company’s financial outlook remains stable, with no significant impact expected from the breach on its operations.