AT&T Corp. has recently revealed that approximately 110 million people, most of its customers, have had their phone call and text message records exposed in a new data breach. The company explained that the delay in disclosing the incident was due to concerns regarding national security and public safety, as some of the exposed records could reveal the location of where calls and texts were made. Additionally, AT&T admitted that the customer records were stored in a cloud database that was only protected by a username and password, without the use of multi-factor authentication.
According to a regulatory filing with the U.S. Securities and Exchange Commission, cyber intruders gained access to an AT&T workspace on a third-party cloud platform in April. They downloaded files containing customer call and text interactions between May 1 and October 31, 2022, as well as on January 2, 2023. While the stolen data does not include personally identifiable information such as Social Security numbers or dates of birth, it did contain information about the location of cellular communications towers closest to the subscribers, which could be used to determine the approximate location of the customer device.
Although the data breach initially occurred in April, AT&T only learned of it on April 19 and delayed announcing it at the request of federal investigators. The FBI confirmed that they asked AT&T to hold off on notifying affected customers to assess potential risks to national security and/or public safety. The FBI, Department of Justice, and AT&T worked together to share key threat intelligence and assist in the incident response work.
According to a statement from an AT&T spokesperson, the customer data was stolen as part of an ongoing data breach involving more than 160 customers of the cloud data provider, Snowflake. Hackers were able to exploit weaknesses in Snowflake accounts protected by only a username and password, leading to the theft of sensitive customer data from multiple companies, including AT&T.
In response to these breaches, Snowflake now requires all new customers to use multi-factor authentication. Other companies that have had customer records stolen from Snowflake servers include Advance Auto Parts, Allstate, Anheuser-Busch, Los Angeles Unified, Mitsubishi, Neiman Marcus, Progressive, Pure Storage, Santander Bank, State Farm, and Ticketmaster.
This is not the first time AT&T has faced a data breach, as earlier this year, the company reset passwords for millions of customers following a breach from 2018. Mark Burnett, an application security architect, consultant, and author, expressed concern about the recent AT&T breach, highlighting the significance of the stolen metadata on customer call and text records.
It is important to address the lack of adequate security measures in place for storing sensitive customer data among major corporations. Despite the potential risks and repercussions of data breaches, companies like AT&T do not anticipate a significant impact on their financial status. This raises questions about accountability and the need for stricter security practices to safeguard customer information in the future.