AT&T, the U.S. telecommunications giant, has disclosed a serious data breach affecting nearly all of its customers, in which cybercriminals successfully accessed and stole extensive phone records. A spokesperson confirmed to TechCrunch on Friday that AT&T will soon begin notifying tens of millions of customers about the breach.
In a statement, AT&T revealed that the stolen data encompasses phone numbers of both cellular and landline customers, as well as detailed call and text metadata. This includes records of who contacted whom by phone or text message during a six-month period spanning from May 1, 2022, to October 31, 2022. Additionally, some more recent records from January 2, 2023, for a smaller subset of customers were also compromised.
The breach also affected customers of other cellular carriers that rely on AT&T’s network. Notably, the stolen data does not include the content of calls or texts but covers details such as call durations, total counts of calls and texts, and metadata that can be described as non-content information.
Among the exposed records are cell site identification numbers linked to phone calls and text messages, which could potentially reveal the approximate locations from which calls or texts were made.
AT&T plans to notify roughly 110 million affected customers about the breach. The company has published a dedicated website providing information and resources for customers affected by this incident. Additionally, AT&T formally disclosed the breach in regulatory filings before the market opened on Friday.
The breach, according to AT&T, was detected on April 19 and is confirmed to be unrelated to a previous security incident reported in March. AT&T’s spokesperson, Andrea Huguely, told TechCrunch that the recent compromise of customer records stemmed from a data breach at Snowflake, a prominent cloud data provider. It remains unclear why AT&T was storing customer data with Snowflake, and the company declined to elaborate on this point.
This incident makes AT&T the latest victim in a recent spate of data breaches affecting Snowflake’s customers, including companies like Ticketmaster and LendingTree’s QuoteWizard subsidiary.
Snowflake attributed the breaches to a lack of multi-factor authentication (MFA) implementation by its customers, a security measure that the cloud data provider did not enforce or mandate for its users.
Cybersecurity incident response firm Mandiant, engaged by Snowflake to assist with customer notifications, reported that roughly 165 of Snowflake’s customers experienced significant data theft from their accounts. Mandiant attributed these breaches to a cybercriminal group identified as UNC5537, characterized as financially motivated and operating across North America, with at least one member based in Turkey.
Several corporate victims of the Snowflake account breaches subsequently had their data published on well-known cybercrime forums. AT&T, however, stated that it does not believe the stolen data is publicly available at this time.
In response to the breach, AT&T is working with law enforcement agencies to apprehend the cybercriminals involved. The company confirmed that at least one person has been arrested in connection with the breach. Huguely clarified that the arrested person is not an AT&T employee and referred inquiries about the alleged criminals to the Federal Bureau of Investigation (FBI).
An FBI spokesperson confirmed to TechCrunch on Friday that following AT&T’s notification of the breach, AT&T, the FBI, and the Department of Justice (DOJ) cooperated to delay public and customer notifications on two occasions. The delay was due to perceived “potential risks to national security and/or public safety,” the FBI spokesperson said.
This incident is AT&T’s second security breach reported this year. Earlier, the company was forced to reset the account passcodes of tens of millions of customers after encrypted customer account information surfaced on a cybercrime forum. Security experts warned that the encrypted passcodes could potentially be decrypted, prompting AT&T’s precautionary measures to safeguard customer accounts.