Data Belonging To 110m AT&T Customers Stolen

Uploaded on 2024-07-16 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

The leading US telecommunications company AT&T has confirmed  that an unknown hacker has stolen the records of calls and texts from nearly all of 110 million wireless customers. 

The breach, which was announced by the company on Friday 12th July, took place over a period of five months in 2022. 

The customers data was downloaded to a third-party platform in a security breach, and it can be expected to be followed by a wave of cyber attacks against those businesses and organisation who have had their supposedly secure data stolen

Wireless Customers Hacked

The breach affects AT&T’s mobile customers, the customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers who interacted with those cellular numbers. The compromised data does not include some of the information typically seen in usage details, such as the time stamp of calls or texts or customer names. However, there are often ways using publicly available online tools to find the name associated with a specific telephone number.

An internal investigation determined that compromised data includes AT&T records of calls and texts between May 1, 2022 and October 31, 2022. It is understood that the compromised data also includes records from January 2, 2023. These records identify the telephone numbers an AT&T or MVNO mobile number interacted with during these periods. For a subset of records, one or more cell site identification numbers associated with the interactions are also included.

AT&T identified the third-party platform as the cloud data storage company, Snowflake and that the incident was limited to an AT&T workspace on that cloud company’s platform and did not affect its network. 

AT&T’s investigation is continuing and it has engaged with cyber security experts to understand the nature and scope of the criminal breach. The FBI are involved on the investigation and at least one person has been arrested. The FBI said that it has worked collaboratively with AT&T and the US Department of Justice “through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

The US Cybersecurity and Infrastructure Security Agency (CISA) said in a statement they are aware of the incident, and are working with AT&T and other government agencies to assess the impact of the breach.

"As always, CISA urges all organisations to enforce stringent security measures, including multifactor authentication. We will continue to monitor and provide guidance or assistance, as needed," the statement said.

AT&T    |     CISA     |     Al Jazeera     |     ABC News     |     Financial Times     |     Reuters     |     Security Week  |

Hacker News     |     404 Media

You Might Also Read: 

Cloud Threats Require New Advanced Defenses:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransomware Attack Hits Global Card Processing Company
Google Will Pay $23B To Acquire Cyber Security Firm Wiz »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

SRI International

SRI International

SRI International is a research institute performing client-sponsored R&D in a broad range of study areas including computing and cybersecurity.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

Temasoft

Temasoft

TEMASOFT is a software company focused on developing security and infrastructure products.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

GV

GV

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

Startup Capital Ventures

Startup Capital Ventures

Startup Capital Ventures is an early stage venture capital firm with a focus on FinTech, Cloud/SaaS, Security, Healthcare IT, and IoT.

GroupSense

GroupSense

GroupSense helps governments and enterprises take control of digital risk with cyber reconnaissance, counterintelligence and monitoring for breached credentials.

AlertFusion

AlertFusion

AlertFusion is a platform that makes security operations more effective. It complements existing tools and technologies, unifies operations, enhances process maturity and drives efficiencies.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

Axiata Digital Labs

Axiata Digital Labs

Axiata Digital Labs is the technology hub of Axiata Group Berhad Malaysia which is one of the leading groups in telecommunication in Asia.

Buchanan Technologies

Buchanan Technologies

Buchanan Technologies is a leading IT consulting and outsourcing services firm. Our methodology transforms everyday technology investments into streamlined, secure and scalable solutions.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.