AT&T has announced that a massive data breach incident within its system has affected about 109 million customers. Based on reports, the data breach could allow the threat actors to steal call logs of the compromised customers, or virtually all of its mobile customers, from an online database on AT&T’s Snowflake account.
Moreover, the company claimed in one of the inquiries that the attackers stole the data from the Snowflake account between April 14 and 25, 2024.
The company also admitted in its SEC filing that the stolen data includes the call and text records of nearly all AT&T mobile clients and mobile virtual network operators from May to October 2022 and January 2, 2023.
The confirmed details included in the stolen data are phone numbers for AT&T wireline customers and customers from other providers, phone numbers with which AT&T or MVNO wireless numbers communicated, the count of interactions, and total call time during a day or month.
However, the exposed records did not include the contents of the conversations or texts, customer names, or any other personally identifiable information (PII), such as Social Security numbers or birth dates.
On the other hand, although the accessed logs do not contain sensitive information that directly reveals customer identities, threat actors can still use the communications metadata to correlate them with publicly available information and easily deduce identities in many circumstances.
AT&T assured everyone that the situation had already been addressed after the hack had been identified.
After learning of the unauthorised intrusion, the company immediately contacted and collaborated with security providers and alerted relevant law enforcement agencies.
Additionally, the US Department of Justice permitted AT&T to delay public notification twice, in May 2024 and June 2024, implying that the data breach could have significant national security and public safety risks.
Users can use the links on the company’s FAQ page to see if their phone number’s data has been compromised. The company insisted that they have yet to find evidence that the attackers leaked the stolen data to the public, and this event is unrelated to the 2021 data breach.