AT&T faces massive data breach impacting 109 million customer accounts
AT&T has disclosed a significant security breach that resulted in nearly all its customer data being downloaded to a third-party platform. This incident, part of a growing trend of cyberattacks on businesses, schools, and health systems globally, highlights the increasing vulnerabilities in digital infrastructures.
Scope of the breach
The breach, occurring over five months in 2022, affected AT&T’s cellular customers, mobile virtual network operators using AT&T’s wireless network, and landline customers interacting with those cellular numbers. Approximately 109 million customer accounts were impacted. AT&T stated that the compromised data does not include the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information.
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” AT&T said Friday.
Nature of the compromised data
AT&T clarified that the breached data lacks typical usage details such as timestamps of calls or texts and customer names. However, the company acknowledged that publicly available tools could potentially match telephone numbers to specific names.
“While the information that was exposed doesn’t directly have sensitive information, it can be used to piece together events and who may be calling who. This could impact people’s private lives as private calls and connections could be exposed,” stated Thomas Richards, principal consultant at Synopsys Software Integrity Group.
Investigation and response
An internal investigation revealed that the compromised data includes records of calls and texts between May 1, 2022, and October 31, 2022. The breach involved an AT&T workspace on the Snowflake platform and did not affect AT&T’s network. The company is collaborating with cybersecurity experts to understand the scope of the breach. At least one person has been apprehended in connection with the incident.
Ongoing risks and industry impact
Roei Sherman, Field Chief Technology Officer at Mitiga, commented on the broader implications of the breach: “The AT&T data breach underscores the growing risks associated with the vast amounts of data companies now store on cloud and SaaS platforms. As organizations increasingly rely on these technologies, the complexity of detecting and investigating breaches has risen sharply.”
Government involvement
The Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ) have been involved in the investigation. The DOJ acknowledged the breach early this year but supported a delayed public disclosure to mitigate risks to national security and public safety. The Federal Communications Commission (FCC) is also investigating.
Context of the breach
This breach is one of several significant data breaches this year, including an earlier attack on AT&T in March, where a dataset containing information on current and former account holders was found on the dark web. Other recent cyberattacks have targeted auto dealerships and the Alabama State Department of Education.
Cybersecurity experts continue to warn about the heightened risk of attacks on hospital systems and criticize the U.S. government’s efforts to prevent breaches as insufficient.