AT&T revealed that hackers compromised call and message data from nearly all of its customers over a six-month period in 2022, affecting approximately 90 million people.
In April 2024, the company learned that "AT&T customer data was illicitly downloaded from our workspace on a third-party cloud platform" and launched an immediate investigation. The company has since secured the access point and reported that "at least one individual has been apprehended" based on available information.
Although public companies are required to report breaches to the SEC after learning about them, the Department of Justice had granted AT&T exemptions in May and June to delay notification because of potential harm to national security or public safety if the breach were revealed.
AT&T told Telecom Review Americas that Mexican users were not affected by this incident, while a source close to the case confirmed to AFP that the hackers had gained access to the AT&T records via Snowflake.
Reportedly, the hacker initially demanded USD 1 million from AT&T but ultimately agreed to a third of that to delete the data and provide a video demonstrating proof of deletion. An online blockchain tracking tool shows a payment transaction on May 17 in the amount of 5.7 bitcoin (more than USD 300,000).
"At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved," the company added.
The hacked data mainly comprised records made between May 2022 and October 2022, but did not include the content of the calls and messages, nor personal information such as names or social security numbers.
“Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved, along with resources to help protect their information,” concluded AT&T’s statement.
In April 2024, the FCC issued a monetary forfeiture order against AT&T worth USD 57 million for disclosing its customers’ location information, without their consent, to a third party that was not authorized to receive it and for failing to take reasonable steps to protect its customers’ location information.
Alarmingly, this could further erode trust in AT&T, which had already suffered a major cyberattack in which the personal data of over 70 million current and former customers was leaked on the dark web.