AT&T Data Breach: Nearly All Wireless Customers Affected, Threat Actors Accessed Call and Text Data

AT&T Confirms Data Breach Impacting Nearly All Wireless Customers

In a recent announcement, American telecom giant AT&T revealed that threat actors had gained unauthorized access to data belonging to “nearly all” of its wireless customers, as well as customers of mobile virtual network operators (MVNOs) that use AT&T’s network.

The breach occurred when threat actors breached an AT&T workspace on a third-party cloud platform and exfiltrated files containing customer call and text interactions that took place between May 2022 and January 2023. This data included phone numbers, call duration, and in some cases, cell site identification numbers.

Notably, the accessed information does not include personal details like Social Security numbers or dates of birth. AT&T assured customers that it would notify them if their information was compromised.

Security expert Jake Williams noted that the stolen data, known as call data records (CDR), can provide valuable insights for intelligence analysis, allowing threat actors to understand communication patterns.

The company is collaborating with law enforcement agencies to investigate the breach, and at least one suspect has been apprehended. Additionally, the incident is linked to a larger cyber campaign targeting the cloud provider Snowflake, impacting multiple customers and involving a financially motivated threat actor dubbed UNC5537.

In response to the breach, AT&T is advising customers to remain vigilant against phishing and online fraud. They can also request their call and text records from the illegally downloaded data. Snowflake, on the other hand, is implementing mandatory multi-factor authentication to enhance security for all users.

The fallout from the cybercrime spree is expanding, highlighting the importance of robust cybersecurity measures in safeguarding sensitive information.