AT&T discloses one other large information breach containing the cellphone data of ‘practically all’ its clients

In a nutshell: Hackers stole greater than 100 million AT&T clients’ cellphone data from 2022. The knowledge from a six-month interval contained metadata, together with cellphone numbers, name and textual content counts, durations, and, in some circumstances, tower ID numbers. Nevertheless, the contents of textual content messages and calls weren’t accessed.

On Friday, AT&T disclosed a large information breach that uncovered the cellphone data of practically all of its 110 million clients. TechCrunch notes that though the corporate discovered the intrusion on April 19, the data accessed had been from Could 1, 2022, and October 31, 2022. Further information from January 2, 2023, was additionally compromised. The info cache contained cellphone numbers and data of calls and textual content messages from mobile and landline customers.

The wi-fi supplier stated the breach didn’t embrace the content material of calls or texts however did reveal metadata, together with who contacted whom, the overall depend of calls and texts, and name durations. Some data additionally contained cell website identification numbers, which dangerous actors might probably use to approximate the situation of calls and texts.

The breach additionally affected clients of different carriers utilizing AT&T’s community, broadening its influence considerably. The corporate stated it will notify its clients affected by the breach however did not point out actions relating to the opposite affected suppliers.

We now have an ongoing investigation into the AT&T breach and we’ re coordinating with our regulation enforcement companions.

– The FCC (@FCC) July 12, 2024

Apparently, this intrusion is linked to the latest Snowflake breach. Snowflake is a cloud information supplier whose clients, together with AT&T, Ticketmaster, and QuoteWizard, suffered from unauthorized entry to information saved on the corporate’s cloud servers. Researchers decided the basis trigger was an absence of enforced multi-factor authentication (MFA) on Snowflake accounts, leaving them susceptible to assault.

Cybersecurity agency Mandiant, aiding Snowflake, reported that hackers stole a big quantity of information from roughly 165 clients. They attributed the breach to a cybercriminal group often known as UNC5537, with members from North America and Turkey.

In response to the breach, AT&T has been working intently with regulation enforcement to trace down the cybercriminals concerned. The corporate confirmed that a minimum of one individual was apprehended, noting that it was not an AT&T worker. As talked about, the assault occurred in April, however the FBI and the Division of Justice requested AT&T to delay public notification twice as a result of potential nationwide safety and public security dangers. The FCC tweeted that it was additionally concerned and conducting an investigation.

This breach marks AT&T’s second main safety incident this 12 months. Earlier, the corporate needed to reset account passcodes after encrypted buyer information appeared on a cybercrime discussion board. The convenience with which dangerous actors might decrypt these passcodes prompted the service to take swift protecting motion, however solely after denying the breach for 2 weeks.

These involved can discover extra info relating to the incident on AT&T’s devoted website. The corporate says it continues to work diligently to forestall additional unauthorized actions.

Picture credit score: Mike Mozart