Data Belonging To 110m AT&T Customers Stolen

Uploaded on 2024-07-16 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

The leading US telecommunications company AT&T has confirmed  that an unknown hacker has stolen the records of calls and texts from nearly all of 110 million wireless customers. 

The breach, which was announced by the company on Friday 12th July, took place over a period of five months in 2022. 

The customers data was downloaded to a third-party platform in a security breach, and it can be expected to be followed by a wave of cyber attacks against those businesses and organisation who have had their supposedly secure data stolen

Wireless Customers Hacked

The breach affects AT&T’s mobile customers, the customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers who interacted with those cellular numbers. The compromised data does not include some of the information typically seen in usage details, such as the time stamp of calls or texts or customer names. However, there are often ways using publicly available online tools to find the name associated with a specific telephone number.

An internal investigation determined that compromised data includes AT&T records of calls and texts between May 1, 2022 and October 31, 2022. It is understood that the compromised data also includes records from January 2, 2023. These records identify the telephone numbers an AT&T or MVNO mobile number interacted with during these periods. For a subset of records, one or more cell site identification numbers associated with the interactions are also included.

AT&T identified the third-party platform as the cloud data storage company, Snowflake and that the incident was limited to an AT&T workspace on that cloud company’s platform and did not affect its network. 

AT&T’s investigation is continuing and it has engaged with cyber security experts to understand the nature and scope of the criminal breach. The FBI are involved on the investigation and at least one person has been arrested. The FBI said that it has worked collaboratively with AT&T and the US Department of Justice “through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

The US Cybersecurity and Infrastructure Security Agency (CISA) said in a statement they are aware of the incident, and are working with AT&T and other government agencies to assess the impact of the breach.

"As always, CISA urges all organisations to enforce stringent security measures, including multifactor authentication. We will continue to monitor and provide guidance or assistance, as needed," the statement said.

AT&T    |     CISA     |     Al Jazeera     |     ABC News     |     Financial Times     |     Reuters     |     Security Week  |

Hacker News     |     404 Media

You Might Also Read: 

Cloud Threats Require New Advanced Defenses:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransomware Attack Hits Global Card Processing Company
Google Will Pay $23B To Acquire Cyber Security Firm Wiz »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

Roke Manor Research

Roke Manor Research

Roke is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

Span

Span

Span designs, develops and maintains information systems based on advanced technological solutions of global IT leaders.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Reliance Cyber

Reliance Cyber

Reliance Cyber (formerly Reliance ACSN) help to monitor and manage your organisation’s security infrastructure 24/7, so you can make sure all threats and issues are dealt with.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

Acrisure

Acrisure

Acrisure is powered by the best of human and high-tech and offers insurance, reinsurance, real estate, cyber and more solutions to millions of clients around the world.

Rhymetec

Rhymetec

Rhymetec are an industry leader in cloud security, providing innovative cybersecurity and data privacy services to the modern-day SaaS business.

UberEther

UberEther

UberEther are a dedicated group of software developers and consultants developing and deploying the next generation of identity management and cloud solutions.

Post-Quantum Cryptography Alliance (PQCA)

Post-Quantum Cryptography Alliance (PQCA)

The alliance seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.