AT&T disclosed today that data from “nearly all” of its customers from May 1, 2022 to October 31, 2022 and on January 2, 2023 was exfiltrated to a third-party platform in April 2024. Customers whose data was exposed will be informed. AT&T said the access point through which the cyberattack was conducted has been secured, and the data is no longer available.
Threat actor accessed phone numbers and call durations
According to AT&T, the threat actor accessed phone call and text message records, including which phone numbers customers interacted with and, in some cases, cell site ID numbers. The leak included both cell and landline customers.
The attackers could see “counts of those calls or texts and total call durations for specific days or months,” AT&T said in a notice to customers, but not the content of those calls or texts. Personally identifiable information like Social Security numbers or dates of birth wasn’t included either. However, the company noted threat actors may be able to use phone numbers to find the names of the people who use them.
AT&T spotted the attack in April
AT&T first became aware of the attack on April 19 after “a threat actor claimed” to have accessed the data, according to AT&T’s SEC filing about the incident.
SEE: On July 4, a separate cyberattack compromised nearly ten billion passwords for online accounts.
According to The Verge, the threat actor accessed the data through Snowflake, the data warehousing platform that was also used in a cyberattack in June.
One person has been apprehended by law enforcement in connection with the cyberattack, AT&T said in the notice.
AT&T disclosed the breach to the SEC using the relatively new Form 8-K. Implemented in December 2023, the SEC requires publicly traded organizations that experience a cyber incident to report the incident using this form if it is a “material” incident. As part of that disclosure, AT&T predicted that the April cyberattack was not “reasonably likely to materially impact AT&T’s financial condition or results of operations.”
On May 31, 2024, AT&T disclosed that passwords belonging to 7.6 million customers had been compromised in a data leak. The two attacks do not appear to be related.
How to manually check whether your data was affected
AT&T customers who manage business accounts can check whether their data was affected at myAT&T or the Premier business plan portal. All customers, including business accounts and former customers, can see exactly what information was exposed about their phone number through a variety of options AT&T presents on its support page.
What business leaders can learn from the AT&T hack
A large breach like this is a good reminder for businesses to be aware of risks to their third-party vendors and supply chains. Business leaders should also consider security tools such as endpoint detection and response or security information and event management and have a recovery and backup plan in place in case their data is stolen.
TechRepublic has reached out to AT&T for more information.