Data Belonging To 110m AT&T Customers Stolen

Uploaded on 2024-07-16 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

The leading US telecommunications company AT&T has confirmed  that an unknown hacker has stolen the records of calls and texts from nearly all of 110 million wireless customers. 

The breach, which was announced by the company on Friday 12th July, took place over a period of five months in 2022. 

The customers data was downloaded to a third-party platform in a security breach, and it can be expected to be followed by a wave of cyber attacks against those businesses and organisation who have had their supposedly secure data stolen

Wireless Customers Hacked

The breach affects AT&T’s mobile customers, the customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers who interacted with those cellular numbers. The compromised data does not include some of the information typically seen in usage details, such as the time stamp of calls or texts or customer names. However, there are often ways using publicly available online tools to find the name associated with a specific telephone number.

An internal investigation determined that compromised data includes AT&T records of calls and texts between May 1, 2022 and October 31, 2022. It is understood that the compromised data also includes records from January 2, 2023. These records identify the telephone numbers an AT&T or MVNO mobile number interacted with during these periods. For a subset of records, one or more cell site identification numbers associated with the interactions are also included.

AT&T identified the third-party platform as the cloud data storage company, Snowflake and that the incident was limited to an AT&T workspace on that cloud company’s platform and did not affect its network. 

AT&T’s investigation is continuing and it has engaged with cyber security experts to understand the nature and scope of the criminal breach. The FBI are involved on the investigation and at least one person has been arrested. The FBI said that it has worked collaboratively with AT&T and the US Department of Justice “through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

The US Cybersecurity and Infrastructure Security Agency (CISA) said in a statement they are aware of the incident, and are working with AT&T and other government agencies to assess the impact of the breach.

"As always, CISA urges all organisations to enforce stringent security measures, including multifactor authentication. We will continue to monitor and provide guidance or assistance, as needed," the statement said.

AT&T    |     CISA     |     Al Jazeera     |     ABC News     |     Financial Times     |     Reuters     |     Security Week  |

Hacker News     |     404 Media

You Might Also Read: 

Cloud Threats Require New Advanced Defenses:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransomware Attack Hits Global Card Processing Company
Google Will Pay $23B To Acquire Cyber Security Firm Wiz »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Social-Engineer

Social-Engineer

Social-Engineer is a team of outside–the–box thinkers that share a common focus on human-to-human social engineering.

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

Jetico

Jetico

Jetico provides pure & simple data protection software for all sensitive information throughout the lifecycle. Solutions include data encryption and secure data erasure.

PlainID

PlainID

PlainID provides IAM teams with a simple and intuitive means to control their organization’s entire authorization process.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

ANY.RUN

ANY.RUN

ANY.RUN is an interactive online malware analysis service created for dynamic as well as static research of multiple types of cyber threats.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Mindcore Technologies

Mindcore Technologies

Mindcore provide cyber security services, managed IT services and IT consulting services to businesses in NJ, FL, and throughout the United States.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.