AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch (2024)

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of “nearly all” of its customers, a company spokesperson told TechCrunch.

In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period between May 1, 2022 and October 31, 2022.

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller but unspecified number of customers.

The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T’s network, the company said.

AT&T said the stolen data “does not contain the content of calls or texts,” but does include calling and texting records that an AT&T phone number interacted with during the six-month period, as well as the total count of a customer’s calls and texts, and call durations — information that is often referred to as metadata. The stolen data does not include the time or date of calls or texts, AT&T said.

Some of the stolen records include cell site identification numbers associated with phone calls and text messages, information that can be used to determine the approximate location of where a call was made or text message sent.

In all, the phone giant said it will notify around 110 million AT&T customers of the data breach, company spokesperson Andrea Huguely told TechCrunch.

AT&T published a website with information for customers about the data incident. AT&T also disclosed the data breach in a filing with regulators before the market opened on Friday.

Breach linked to Snowflake

AT&T said it learned of the data breach on April 19, and that it was unrelated to its earlier security incident in March.

AT&T’s Huguely told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake’s customers.

Snowflake allows its corporate customers, like tech companies and telcos, to analyze huge amounts of customer data in the cloud. It’s not clear for what reason AT&T was storing customer data in Snowflake, and the spokesperson would not say.

AT&T is the latest company in recent weeks to confirm it had data stolen from Snowflake, following Ticketmaster and LendingTree subsidiary QuoteWizard, and others.

Snowflake blamed the data thefts on its customers for not using multi-factor authentication to secure their Snowflake accounts, a security feature that the cloud data giant did not enforce or require its customers to use.

Cybersecurity incident response firm Mandiant, which Snowflake called in to help with notifying customers, later said about 165 Snowflake customers had a “significant volume of data” stolen from their customer accounts.

Mandiant attributed the breach to an as-yet-uncategorized cybercriminal group tracked only as UNC5537. Mandiant’s researchers say the hackers are financially motivated and have members in North America and at least one member in Turkey.

Some of the other corporate victims of the Snowflake account thefts had data subsequently published on known cybercrime forums. For AT&T’s part, the company said that it does not believe that the data is publicly available at this time.

AT&T’s statement said it was working with law enforcement to arrest the cybercriminals involved in the breach. AT&T said that “at least one person has been apprehended.” AT&T’s spokesperson said that the arrested individual was not an AT&T employee, but deferred questions about the alleged criminals to the FBI.

An FBI spokesperson confirmed to TechCrunch on Friday that after the phone giant contacted the agency to report the breach, AT&T, the FBI and the Department of Justice agreed to delay notifying the public and customers on two occasions, citing “potential risks to national security and/or public safety.”

“AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work,” the FBI spokesperson said.

The FBI did not comment on the arrest of one of the alleged cybercriminals.

This is . AT&T was forced to reset the account passcodes of millions of its customers after a cache of customer account information — including encrypted passcodes for accessing AT&T customer accounts — was published on a cybercrime forum. A security researcher told TechCrunch at the time that the encrypted passcodes could be easily decrypted, prompting AT&T to take precautionary action to protect customer accounts.

Read more on TechCrunch:

  • Data breach exposes millions of mSpy spyware customers
  • Apple warns iPhone users in 98 countries of spyware attacks
  • Evolve Bank says ransomware gang stole personal data on millions of customers
  • OpenAI breach is a reminder that AI companies are treasure troves for hackers

Updated with comment from the FBI.

AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch (2024)

References

Top Articles
Y.A. Tittle, NFL legend and Pro Football Hall of Famer, dies at age 90
Hall of Fame quarterback Tittle dies at age 90
$4,500,000 - 645 Matanzas CT, Fort Myers Beach, FL, 33931, William Raveis Real Estate, Mortgage, and Insurance
Knoxville Tennessee White Pages
Swimgs Yuzzle Wuzzle Yups Wits Sadie Plant Tune 3 Tabs Winnie The Pooh Halloween Bob The Builder Christmas Autumns Cow Dog Pig Tim Cook’s Birthday Buff Work It Out Wombats Pineview Playtime Chronicles Day Of The Dead The Alpha Baa Baa Twinkle
Edina Omni Portal
Enrique Espinosa Melendez Obituary
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Nfr Daysheet
Bloxburg Image Ids
How to Watch Braves vs. Dodgers: TV Channel & Live Stream - September 15
Cranberry sauce, canned, sweetened, 1 slice (1/2" thick, approx 8 slices per can) - Health Encyclopedia
Obituary | Shawn Alexander | Russell Funeral Home, Inc.
Rapv Springfield Ma
R/Altfeet
Readyset Ochsner.org
Wisconsin Women's Volleyball Team Leaked Pictures
Simon Montefiore artikelen kopen? Alle artikelen online
Craigslist List Albuquerque: Your Ultimate Guide to Buying, Selling, and Finding Everything - First Republic Craigslist
[Birthday Column] Celebrating Sarada's Birthday on 3/31! Looking Back on the Successor to the Uchiha Legacy Who Dreams of Becoming Hokage! | NARUTO OFFICIAL SITE (NARUTO & BORUTO)
Noaa Ilx
Metro Pcs.near Me
Nhl Tankathon Mock Draft
Shopmonsterus Reviews
Mals Crazy Crab
Hdmovie2 Sbs
Lacey Costco Gas Price
100 Gorgeous Princess Names: With Inspiring Meanings
Www Mydocbill Rada
Mchoul Funeral Home Of Fishkill Inc. Services
The Ultimate Guide to Obtaining Bark in Conan Exiles: Tips and Tricks for the Best Results
Www Craigslist Com Shreveport Louisiana
The Ride | Rotten Tomatoes
M3Gan Showtimes Near Cinemark North Hills And Xd
About Us | SEIL
oklahoma city community "puppies" - craigslist
Midsouthshooters Supply
State Legislatures Icivics Answer Key
Today's Gas Price At Buc-Ee's
Finland’s Satanic Warmaster’s Werwolf Discusses His Projects
Metro Pcs Forest City Iowa
Sept Month Weather
Postgraduate | Student Recruitment
Emily Tosta Butt
Birmingham City Schools Clever Login
Candise Yang Acupuncture
Kaamel Hasaun Wikipedia
Ouhsc Qualtrics
Strange World Showtimes Near Marcus La Crosse Cinema
Read Love in Orbit - Chapter 2 - Page 974 | MangaBuddy
Strange World Showtimes Near Century Federal Way
Olay Holiday Gift Rebate.com
Latest Posts
Article information

Author: Nicola Considine CPA

Last Updated:

Views: 6228

Rating: 4.9 / 5 (69 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Nicola Considine CPA

Birthday: 1993-02-26

Address: 3809 Clinton Inlet, East Aleisha, UT 46318-2392

Phone: +2681424145499

Job: Government Technician

Hobby: Calligraphy, Lego building, Worldbuilding, Shooting, Bird watching, Shopping, Cooking

Introduction: My name is Nicola Considine CPA, I am a determined, witty, powerful, brainy, open, smiling, proud person who loves writing and wants to share my knowledge and understanding with you.