Data Belonging To 110m AT&T Customers Stolen

Uploaded on 2024-07-16 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

The leading US telecommunications company AT&T has confirmed  that an unknown hacker has stolen the records of calls and texts from nearly all of 110 million wireless customers. 

The breach, which was announced by the company on Friday 12th July, took place over a period of five months in 2022. 

The customers data was downloaded to a third-party platform in a security breach, and it can be expected to be followed by a wave of cyber attacks against those businesses and organisation who have had their supposedly secure data stolen

Wireless Customers Hacked

The breach affects AT&T’s mobile customers, the customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers who interacted with those cellular numbers. The compromised data does not include some of the information typically seen in usage details, such as the time stamp of calls or texts or customer names. However, there are often ways using publicly available online tools to find the name associated with a specific telephone number.

An internal investigation determined that compromised data includes AT&T records of calls and texts between May 1, 2022 and October 31, 2022. It is understood that the compromised data also includes records from January 2, 2023. These records identify the telephone numbers an AT&T or MVNO mobile number interacted with during these periods. For a subset of records, one or more cell site identification numbers associated with the interactions are also included.

AT&T identified the third-party platform as the cloud data storage company, Snowflake and that the incident was limited to an AT&T workspace on that cloud company’s platform and did not affect its network. 

AT&T’s investigation is continuing and it has engaged with cyber security experts to understand the nature and scope of the criminal breach. The FBI are involved on the investigation and at least one person has been arrested. The FBI said that it has worked collaboratively with AT&T and the US Department of Justice “through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

The US Cybersecurity and Infrastructure Security Agency (CISA) said in a statement they are aware of the incident, and are working with AT&T and other government agencies to assess the impact of the breach.

"As always, CISA urges all organisations to enforce stringent security measures, including multifactor authentication. We will continue to monitor and provide guidance or assistance, as needed," the statement said.

AT&T    |     CISA     |     Al Jazeera     |     ABC News     |     Financial Times     |     Reuters     |     Security Week  |

Hacker News     |     404 Media

You Might Also Read: 

Cloud Threats Require New Advanced Defenses:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransomware Attack Hits Global Card Processing Company
Google Will Pay $23B To Acquire Cyber Security Firm Wiz »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Combitech

Combitech

Combitech is the Nordic region’s leading cyber security consultancy firm, with about 260 certified security consultants helping companies and authorities prevent and manage cyber threats.

Industrial Networking Solutions (INS)

Industrial Networking Solutions (INS)

INS Services specializes in designing, deploying and providing on-going support for critical OT (Operational Technology) and IIoT (Industrial Internet of Things) networks.

Digital Transformation EXPO (DTX)

Digital Transformation EXPO (DTX)

Digital Transformation EXPO showcases the latest technology and insight from the world’s leading brands and experts in DX.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

Digital Security

Digital Security

Digital Security is an Ecuadorian company specialized in providing comprehensive information security solutions.

Perseus Cyber Security

Perseus Cyber Security

Perseus provides all-around digital protection for small and medium-sized businesses through state-of-the-art software solutions, flexible online training and emergency response.

Police Digital Security Centre (PDSC)

Police Digital Security Centre (PDSC)

PDSC is a not-for-profit organisation, owned by the police, that works across the UK in partnership with industry, government, academia and law enforcement.

CyberSat Summit

CyberSat Summit

CyberSat is dedicated to fostering the necessary discussions to flesh out and develop solutions to cyber threats in the satellite industry.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Nine23

Nine23

Nine23 are a highly focused cyber security solutions company that defines, builds and manages innovative services, enabling end-users to use technology securely in today’s workplace.

QuantumCTek

QuantumCTek

Unified National Networks (UNN)

Unified National Networks (UNN)

UNN’s mission is to unify the national networks and create a modern and cost efficient digital platform connecting the entire country.

Mobilen Communications

Mobilen Communications

Mobilen are dedicated to providing our customers with the highest level of secure data in transit and to bring privacy back to a mobile world.

Anthropic

Anthropic

Anthropic is a Public Benefit Corporation, whose purpose is the responsible development and maintenance of advanced AI for the long-term benefit of humanity.

Transcendental Technologies

Transcendental Technologies

Transcendental is a consulting organization which specializes in customized assurance services in the fields of Localization, Mobile Software Solutions, Web Design, Cyber Security & Cyber Forensics.