US telecom carrier AT&T has confirmed a data breach affecting nearly its entire customer base. The company will notify around 110 million of its consumers about the data breach, which saw hackers steal phone numbers (both cellular and landline) and call and text records, including who contacted whom by phone or text between May 1, 2022, and October 31, 2022.
While the stolen data doesn’t include the content of calls or texts, it does include call records of customers with phone service from other carriers that rely on AT&T’s network. Finally, some of the stolen data also includes records as recent as January 2, 2023, for a smaller, unspecified number of users.
The company hasn’t revealed the nature or method of the cyber attack nor the identity of the threat actors. An investigation with cybersecurity experts is underway to figure out the nature and scope of the issue. The compromised access point has also been secured. Regardless, AT&T doesn’t believe that the leaked customer data is publicly available at the time of writing. AT&T’s statement on the breach states that the company is working with law enforcement to arrest those involved and that at least one individual has been apprehended in the matter.

AT&T told TechCrunch that it discovered the breach on April 19 and that it was unrelated to its earlier breach in March, stating that the customer records in the most recent breach were stolen from cloud data giant Snowflake. The Snowflake data breach affected nearly 500 of its customers, including Ticketmaster, QuoteWizard, and now AT&T, among others.
The Snowflake incident was attributed to a yet-to-be-classified threat actor, UNC5537. Cybersecurity firm Mandiant, which was brought in by Snowflake to help assess the breach, claims that the hackers are financially motivated, with some members in North America and at least one in Turkey. It’s also unclear whether this attack was carried out by UNC5537.