Incident

AT&T reports third party data breach exposing over 110 million customers



AT&T Corp. is reporting a major data breach impacting approximately 110 million of its customers, exposing phone call and text message records.

The breach occurred on the cloud platform Snowflake, which had inadequate security measures: access required only a username and password. The exposed call data is dated between May 1 and October 31, 2022, with additional records from January 2, 2023.

It was discovered on April 19, 2023, but AT&T delayed disclosure due to national security and public safety concerns, as requested by federal investigators.

The exposed data includes:

  • Records of calls and texts, including phone numbers and call duration.
  • Information about the location of cellular communication towers nearest to the subscriber, which could be used to determine the approximate location of the customer device.

AT&T's breach also affected mobile virtual network operators reselling AT&T's services. The company emphasized that while names were not included in the exposed data, it is possible to associate phone numbers with names using publicly available tools.

This breach is unrelated to an earlier incident AT&T experienced in March 2023.

AT&T is now contacting affected customers and providing recommendations for protecting themselves from phishing and fraud attempts, such as verifying communications and being cautious of unsolicited messages.

Update - Wired reports that AT&T paid a member of the ShinyHunters hacking group over $300,000 to delete the data and provide proof of its deletion. AT&T paid the ransom of 5.72 Bitcoin (approx. $373,646 at the time) through a go-between, Reddington, who facilitated the negotiation. Initially, the hacker demanded $1 million but settled for about one-third of that amount. A video was provided to AT&T as proof of data deletion from the hacker's computer. Despite the payment, the security of some AT&T customers remains uncertain as portions of the data may still be held by others who accessed it.

As of July 19, 2024, AT&T has disclosed that the breach compromised phone numbers linked to the Commerce Department's FirstNet service, affecting a proportion similar to that of its broader customer base. FirstNet is a nationwide, high-speed broadband network dedicated to first responders and public safety officials, created in response to communication challenges during emergencies like the 9/11 attacks.

This update reverses AT&T's initial statement regarding the breach's impact on the FirstNet program, which is critical for emergency public safety services.
