AT&T Faces Another Massive Data Theft Affecting 90 Million Customers

AT&T, one of the largest mobile operators in the United States, recently reported a significant data breach that compromised the call and message records of nearly all its customers. This breach, which occurred over a span of six months in 2022, affected around 90 million people. The data breach involved the illegal downloading of customer data from a third-party cloud platform used by AT&T.

Details of the Breach

In a statement, AT&T disclosed that hackers had accessed and stolen data from their workspace on a third-party cloud platform. The company assured customers that the access point used by the hackers has since been secured. They also revealed that at least one person involved in the breach has been apprehended.

The stolen data includes phone numbers of AT&T mobile subscribers, as well as some location data indicating where calls were made and text messages sent. However, AT&T clarified that the content of the calls and messages, along with personal information such as names and social security numbers, were not part of the data stolen.

Potential Impact

AT&T believes that the stolen data is not publicly available at this time. They are continuing to work with law enforcement to arrest those responsible for the breach. While the data may not seem as sensitive as personal information, the loss of call and message records, along with location data, still poses significant risks. Malicious actors could potentially use this information to track individuals' movements and communication patterns.

Connection to Snowflake

Though not mentioned directly in AT&T's statement, it has been suggested that the breach involved Snowflake, a cloud platform providing data analytics services. Snowflake has recently experienced a series of data thefts, and sources close to the case confirmed that the hackers gained access to AT&T’s records through this platform.

A Second Major Breach in a Year

This breach follows a major cyberattack on AT&T earlier in March, where personal data of over 70 million current and former customers was leaked on the dark web. Darren Guccione, CEO and co-founder of Keeper Security, emphasized the compounded impact of these incidents, noting the erosion of customer trust.

Guccione highlighted that while the recent breach involves less sensitive information compared to the March incident, customers should still take proactive measures to protect themselves. He advised affected individuals to change their AT&T account passwords, enable multifactor authentication, and closely monitor their bank accounts. Additionally, he recommended signing up for dark web monitoring services or freezing their credit to prevent unauthorized loans or lines of credit.

Steps for Customers to Protect Themselves

Given the nature of the data stolen, customers should take the following steps to safeguard their information:

Change AT&T Account Passwords: Update passwords to ensure that unauthorized parties cannot access your account.

Enable Multifactor Authentication: Adding an extra layer of security can help protect your account even if your password is compromised.

Monitor Bank Accounts: Regularly check your bank statements for any suspicious activity.

Sign Up for Dark Web Monitoring: These services can alert you if your information appears on the dark web.

Freeze Credit: This can prevent new credit accounts from being opened in your name without your consent.

Ongoing Investigation

The Department of Justice has launched an investigation into the incident, aiming to bring the perpetrators to justice. AT&T continues to cooperate with law enforcement to mitigate the effects of the breach and prevent future occurrences.

Conclusion

The recent data breach at AT&T serves as a stark reminder of the vulnerabilities that even large corporations face in the digital age. While the compromised data did not include highly sensitive personal information, the incident underscores the importance of robust security measures and the need for customers to stay vigilant in protecting their personal information. As investigations continue, affected customers are urged to take proactive steps to secure their accounts and monitor for any signs of misuse.