AT&T says criminals stole phone records of 'nearly all' customers in new data breach

Zack Whittaker

Updated July 12, 2024 at 12:25 PM·4 min read

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of "nearly all" of its customers, a company spokesperson told TechCrunch.

In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period between May 1, 2022 and October 31, 2022.

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller but unspecified number of customers.

The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T's network, the company said.

AT&T said the stolen data "does not contain the content of calls or texts," but does include calling and texting records that an AT&T phone number interacted with during the six-month period, as well as the total count of a customer's calls and texts, and call durations — information that is often referred to as metadata. The stolen data does not include the time or date of calls or texts, AT&T said.

Some of the stolen records include cell site identification numbers associated with phone calls and text messages, information that can be used to determine the approximate location of where a call was made or text message sent.

In all, the phone giant said it will notify around 110 million AT&T customers of the data breach, company spokesperson Andrea Huguely told TechCrunch.

AT&T published a website with information for customers about the data incident. AT&T also disclosed the data breach in a filing with regulators before the market opened on Friday.

Breach linked to Snowflake

AT&T said it learned of the data breach on April 19, and that it was unrelated to its earlier security incident in March.

AT&T's Huguely told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake's customers.

Snowflake allows its corporate customers, like tech companies and telcos, to analyze huge amounts of customer data in the cloud. It's not clear for what reason AT&T was storing customer data in Snowflake, and the spokesperson would not say.

AT&T is the latest company in recent weeks to confirm it had data stolen from Snowflake, following Ticketmaster and LendingTree subsidiary QuoteWizard, and others.

Snowflake blamed the data thefts on its customers for not using multi-factor authentication to secure their Snowflake accounts, a security feature that the cloud data giant did not enforce or require its customers to use.

Cybersecurity incident response firm Mandiant, which Snowflake called in to help with notifying customers, later said about 165 Snowflake customers had a "significant volume of data" stolen from their customer accounts.

Mandiant attributed the breach to an as-yet-uncategorized cybercriminal group tracked only as UNC5537. Mandiant's researchers say the hackers are financially motivated and have members in North America and at least one member in Turkey.

Some of the other corporate victims of the Snowflake account thefts had data subsequently published on known cybercrime forums. For AT&T's part, the company said that it does not believe that the data is publicly available at this time.

AT&T's statement said it was working with law enforcement to arrest the cybercriminals involved in the breach. AT&T said that "at least one person has been apprehended." AT&T's spokesperson said that the arrested individual was not an AT&T employee, but deferred questions about the alleged criminals to the FBI.

An FBI spokesperson confirmed to TechCrunch on Friday that after the phone giant contacted the agency to report the breach, AT&T, the FBI and the Department of Justice agreed to delay notifying the public and customers on two occasions, citing "potential risks to national security and/or public safety."

"AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work," the FBI spokesperson said.

The FBI did not comment on the arrest of one of the alleged cybercriminals.

This is the second security incident AT&T has disclosed this year. AT&T was forced to reset the account passcodes of millions of its customers after a cache of customer account information — including encrypted passcodes for accessing AT&T customer accounts — was published on a cybercrime forum. A security researcher told TechCrunch at the time that the encrypted passcodes could be easily decrypted, prompting AT&T to take precautionary action to protect customer accounts.

Read more on TechCrunch:

Updated with comment from the FBI.

https://techcrunch.com/2024/07/12/what-the-att-call-records-data-breach-means-for-you

TechCrunch
If you’re an AT&T customer, your data has likely been stolen
This week, AT&T confirmed it will begin notifying around 110 million AT&T customers about a data breach that allowed cybercriminals to steal the phone records of “nearly all” of its customers. The stolen data contains phone numbers and AT&T records of calls and text messages during a six-month period in 2022, the company says. If you’re an AT&T customer, here’s what the breach could mean for you.
Engadget
Massive AT&T data breach impacted nearly every single customer
Massive AT&T data breach impacted nearly every single customer. The stolen information includes phone numbers and records.
TechCrunch
The biggest data breaches in 2024: 1 billion stolen records and rising
From huge stores of customers' personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and rising. For AT&T, 2024 has been a very bad year for data security. The telecoms giant confirmed not one, but two separate data breaches just months apart.
TechCrunch
Evolve Bank says ransomware gang stole personal data on millions of customers
U.S.-based banking-as-a-service giant Evolve Bank & Trust said that cybercriminals accessed the personal data of millions of customers during a recent cyberattack. In a filing with Maine’s attorney general on Monday, Evolve confirmed that the personal data of at least 7.6 million people, including more than 20,000 customers based in Maine, was accessed during the incident, the fallout from which continues to grow. Evolve did not specify what types of data had been compromised in the filing, but it previously said in a statement on its website that attackers accessed the names, Social Security numbers, bank account numbers and contact information belonging to its personal banking customers, the personal data of Evolve employees and information belonging to customers of its financial technology partners.
Yahoo Sports
2024 Paris Olympics: U.S. wins gold medal, sets world record in 4x100 mixed relay
The U.S. won swimming’s mixed medley relay here at the 2024 Olympics, recovering from a flop at Tokyo 2021 to beat Australia, China and Great Britain here in Paris.
Yahoo Sports
Terence Crawford vs. Israil Madrimov live results: Blow-by-blow updates, highlights and analysis
Crawford faces Madrimov for a chance to win a world title in a fourth weight class after winning belts at lightweight and becoming undisputed champion at super lightweight and welterweight.
Yahoo Sports
2024 Paris Olympics recap: Katie Ledecky makes history (again); Sha'Carri Richardson settles for silver
It was a jam-packed day for American women at the Olympics on Saturday, with the USWNT, Katie Ledecky and Sha'Carri Richardson all competing in pivotal events.
Yahoo Sports
2024 Olympics: 10 of the best images from Day 8 of the Paris Games
Saturday was the busiest day of the Olympics yet, and it provided plenty of incredible images from across the country.
Yahoo Sports
WWE SummerSlam 2024 grades, results: Roman Reigns returns, Cody Rhodes retains Undisputed WWE Championship
SummerSlam featured the return of Roman Reigns, who had been absent from WWE programming since losing to Cody Rhodes in the main event of WrestleMania 40.
Yahoo Sports
2024 Paris Olympics: Chase Budinger, Miles Evans close out Australia in straight sets to reach knockout round
Chase Budinger and Miles Evans rolled over Australia on Saturday night to make the beach volleyball knockout round.

News

Leben

Entertainment

Finanzbranche

Sports

New on Yahoo

AT&T says criminals stole phone records of 'nearly all' customers in new data breach

Breach linked to Snowflake

Recommended Stories

If you’re an AT&T customer, your data has likely been stolen

Massive AT&T data breach impacted nearly every single customer

The biggest data breaches in 2024: 1 billion stolen records and rising

Evolve Bank says ransomware gang stole personal data on millions of customers

2024 Paris Olympics: U.S. wins gold medal, sets world record in 4x100 mixed relay

Terence Crawford vs. Israil Madrimov live results: Blow-by-blow updates, highlights and analysis

2024 Paris Olympics recap: Katie Ledecky makes history (again); Sha'Carri Richardson settles for silver

2024 Olympics: 10 of the best images from Day 8 of the Paris Games

WWE SummerSlam 2024 grades, results: Roman Reigns returns, Cody Rhodes retains Undisputed WWE Championship

2024 Paris Olympics: Chase Budinger, Miles Evans close out Australia in straight sets to reach knockout round