Nearly all of AT&T’s 110 million wireless subscribers were victims of a massive data breach, leaving them wondering what information might have been leaked.
The data breach, which occurred over five months in 2022, included call and text message records that would expose people’s personal communications.
Hackers could also have accessed geolocation by using identification numbers attached to cell towers associated with account phone numbers.
Although the exposed data did not include customer names, there are “publicly available online tools” capable of connecting the numbers to people’s identities, AT&T said.
AT&T has suffered the largest data breach in the United States, exposing “almost all” of its customers’ information on a third-party platform. The information revealed customer call and text message data that could reveal their geographic location.
What AT&T information was leaked?
AT&T disclosed the data breach on Friday, noting that the stolen data contained records from May 1 to Oct. 31, 2022, as well as some from Jan. 2, 2023.
The data showed which phone numbers AT&T customers called during that period, including how many calls and text messages were made to a specific person and the total duration of the calls.
But the information obtained did not include time stamps of the calls and text messages, nor did it reveal names, dates of birth, or social security numbers.
AT&T said one or more cell site identification numbers were associated with calls and text messages, which could reveal the general location of one or more of the parties.
If the records were leaked, the information would reveal who AT&T customers called and texted, putting high-profile individuals such as politicians and executives at risk.
This is because the phone numbers would be linked, allowing malicious actors to find the name associated with a specific phone number.
AT&T explained that the information was downloaded to a third-party cloud platform from AT&T’s Snowflake workspace, a cloud-based data warehouse that enables businesses to manage, store and process customer data and files.
Brad Jones, Snowflake’s chief information security officer, told CNN that they have found no evidence that the cyberattack was not “caused by a vulnerability, misconfiguration or breach of Snowflake’s platform.”
How do you know if you were impacted?
AT&T has already taken cybersecurity measures to shut down the hotspot breached by the hackers and plans to notify affected customers in the near future.
A website will also be created where customers can determine whether their data was compromised in the attack; AT&T has not specified when it will be available.
The company said Friday that the breach has not affected AT&T’s operations and sought to reassure customers that it “does not believe the data is publicly available.”
AT&T said the cyberattack compromised the information of “nearly all” of its 110 million landline and cell phone customers in the United States.
Why did it take AT&T three months to notify its customers?
AT&T said it learned that “a threat actor claimed to have illegally accessed and copied AT&T call records” on April 19.
The company said it “immediately” hired experts to investigate the attack who determined that hackers had stolen the 2022 files between April 14 and April 25.
The FBI is investigating the cyberattack and at least one person has been arrested in connection with the hack.
The company allegedly did not notify customers immediately because the U.S. Department of Justice (DOJ) determined that “a delay in providing public information was necessary.”
The FBI told DailyMail.com that AT&T contacted the agency to report the incident shortly after identifying a potential breach.
“AT&T, the FBI and the Department of Justice worked collaboratively during the first and second delay processes, while sharing key threat information to strengthen the FBI’s investigative efforts and assist AT&T’s incident response efforts,” the FBI said.
“The FBI prioritizes assistance to victims of cyberattacks, encourages organizations to establish a relationship with their local FBI office before a cyber incident occurs and to contact the FBI early in the event of a security breach.”
A Justice Department spokesperson told DailyMail.com that AT&T’s delay in notifying customers helped the department conclude that disclosing the cyberattack “would pose a substantial risk to national security and public safety.”
How many times has AT&T been hacked this year?
At the same time AT&T reportedly learned of the cyberattack, it was dealing with a separate breach in which customer records from 2019 or earlier were leaked on the dark web.
The dark web is a hidden part of the Internet that requires a specific browser to access and allows users to hide their identity and location from others, including law enforcement.
The attack included the leak of Social Security numbers and other personal information that forced the company to reset passwords for 73 million accounts.
It affected 7.6 million current AT&T customers and approximately 65.4 million former account holders.
In March, AT&T notified its customers that a marketing provider it used was hacked in January, exposing private information of wireless account holders.
This breach exposed the customer proprietary network information (CPNI) of approximately 9 million AT&T customers, including names, wireless account numbers, wireless phone numbers, and email addresses.
In the wake of the cyberattacks, AT&T is facing dozens of class-action lawsuits alleging the company knew about the breaches but failed to act.