AT&T Wireless, one of America’s leading wireless carriers, has disclosed a significant cybersecurity incident in a recent securities filing. The data breach, discovered in late April, has affected nearly all of AT&T’s wireless customers, including mobile virtual network operators and AT&T landline customers.
The hacker gained unauthorized access to customer call and text message data, downloading records spanning two time periods: May 1 to October 31, 2022, and January 2023. While the stolen information includes phone numbers contacted and call durations, AT&T emphasized that the content of communications was not compromised.
Scope of the Breach and AT&T’s Response
The exact number of affected customers has not been specified, but AT&T’s vast network encompasses approximately 127 million connected devices as of the end of 2023. This includes roughly 87 million postpaid wireless subscribers.
AT&T has assured customers that the compromised records do not appear to be publicly available. The company stated, “We have taken additional cybersecurity measures … including closing off the point of unlawful access.” Affected consumers will be notified and provided with resources to help protect their information.
Data Compromised and Potential Risks
While names, Social Security numbers, and credit card information were not part of the breach, AT&T warned that cellphone numbers could be easily linked to names through online tools. This raises concerns about potential privacy violations and targeted scams.
The company is working with law enforcement, and according to AT&T, the Department of Justice has apprehended at least one person in connection with the breach.
Technical Details and Third-Party Involvement
AT&T clarified that the incident was limited to an AT&T workspace on Snowflake’s cloud platform and did not impact AT&T’s network infrastructure. Snowflake, through its Chief Information Officer Brad Jones, stated that they have not seen evidence suggesting a breach of their platform. However, Snowflake has been providing updates about a “targeted threat campaign” against some of its customers, though it’s unclear if this is directly related to the AT&T incident.
AT&T’s History of Security Incidents
This latest breach is not an isolated incident for AT&T. In late March, the company disclosed that account information from 73 million current and former customers had been leaked to the dark web. Additionally, a massive cellphone outage in late February disrupted services for at least 1.7 million customers, although AT&T attributed this to a technical error rather than a security breach.
The repeated security incidents at AT&T highlight the ongoing challenges faced by telecommunications giants in protecting vast amounts of sensitive customer data. As cyber threats continue to evolve, the need for robust security measures and rapid incident response becomes increasingly critical.
Moving Forward: AT&T’s Commitment and Customer Advice
AT&T has expressed regret over the incident, stating, “We sincerely regret this incident occurred and remain committed to protecting the information in our care.” The company does not expect the hack to materially impact its operations or negatively affect its financial results.
Customers are advised to remain vigilant and monitor their accounts for any suspicious activity. AT&T will be providing affected individuals with resources to help safeguard their information in the wake of this cybersecurity incident.