AT&T Reports Illegal Download of Customer Data in Major Security Breach

In a significant cybersecurity incident, AT&T has recently disclosed that customer data was illegally downloaded from a third-party cloud platform workspace in April. The telecommunications giant is now working closely with law enforcement to apprehend those responsible for the breach, with at least one person already in custody.

The compromised data includes call and text records for nearly all of AT&T's cellular customers, as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. Additionally, AT&T's landline customers who interacted with these cellular numbers between May 1, 2022, and October 31, 2022, are also affected. A small number of customers' records from January 2, 2023, were also compromised.

While AT&T emphasizes that the stolen data does not contain call or text content, personal information such as Social Security numbers, dates of birth, or other personally identifiable information, it does include the telephone numbers that AT&T or MVNO cellular numbers interacted with during the specified periods. For some records, cell site identification numbers associated with these interactions were also compromised. AT&T has stated that the data is not believed to be publicly available at this time. However, the company acknowledges that it may be possible to link phone numbers to individuals using publicly available online tools.

Approximately 109 million customer accounts were impacted, according to AT&T, which said that it currently doesn’t believe that the data is publicly available. The company has taken steps to close off the illegal access point and has engaged leading cybersecurity experts to investigate the nature and scope of the criminal activity. AT&T plans to notify current and former customers whose information was involved and provide resources to help protect their data.

The company expressed regret over the incident and reaffirmed its commitment to protecting customer information. Affected customers are encouraged to visit att.com/DataIncident for more information and guidance on protecting their data.

AT&T identified the third-party platform as Snowflake and stated that the incident was limited to an AT&T workspace on that cloud company’s platform and did not impact its network. Roei Sherman, Field Chief Technology Officer at Mitiga, remarked, “The AT&T data breach underscores the growing risks associated with the vast amounts of data companies now store on cloud and SaaS platforms. As organizations increasingly rely on these technologies, the complexity of detecting and investigating breaches has risen sharply.”

The Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ) are actively involved in the investigation. The DOJ mentioned that it became aware of the breach early this year and that an earlier disclosure could have posed a substantial risk to national security and public safety. The Federal Communications Commission (FCC) is also investigating the incident.

This breach underscores the ongoing challenges faced by major corporations in securing customer data, particularly when third-party platforms are involved. As investigations continue, the incident is likely to spark renewed discussions about data security practices and regulatory oversight in the telecommunications industry.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.