AT&T made public today that information from the majority of its clients from the period between May 1, 2022, and October 31, 2022, along with January 2, 2023, was taken to a third-party platform in April 2024. Those customers impacted by the data exposure will receive notifications. AT&T assured that the entry point used for the cyber intrusion has been fortified, and the data is no longer accessible.
Unauthorized Entry Obtained Phone Numbers and Call Durations
As per AT&T, the unauthorized actor got hold of records of phone calls and text messages, including details of the phone numbers customers communicated with, and sometimes even cell site identification numbers. The breach encompassed both mobile and landline users.
The perpetrators could view “statistics on those calls or texts and the overall call durations for specific days or months,” AT&T noted in a communication to customers, but not the actual content of those communications. Personal data like Social Security numbers or birthdates were not part of the exposure. Nonetheless, the organization highlighted the possibility for threat actors to leverage phone numbers to deduce the identities of the individuals associated with them.
AT&T Identified the Breach in April
AT&T first detected the intrusion on April 19 after receiving notice from “an unauthorized actor” who claimed to have penetrated the system, according to AT&T’s official submission to the SEC regarding the incident.
SEE: On July 4, a distinct cyber incursion led to the compromise of nearly ten billion passwords for online accounts.
As reported by The Verge, the unauthorized actor infiltrated the system via Snowflake, the data warehousing platform that was also exploited in an earlier cyber offense in June.
AT&T indicated in their notice that one person has been detained by law enforcement in connection with the cyber incident.
AT&T reported the breach to the SEC utilizing the recently introduced Form 8-K. Enforced in December 2023, the SEC mandates that publicly traded firms facing a cyber offense must announce the event using this form if it qualifies as a “significant” event. As part of this declaration, AT&T forecasted that the April cyber intrusion was unlikely to have a significant impact on AT&T’s finances or operations.
By May 31, 2024, AT&T unveiled that the login credentials of 7.6 million customers had been compromised in a data breach. The two attacks do not seem to be linked.
Conduct Self Analysis to Ascertain Impact on Your Data
Customers of AT&T who manage corporate accounts can verify if their data was influenced at myAT&T or the Premier business plan portal. All customers, including those with business accounts and former clients, can review the specific information exposed about their phone number through a range of choices presented by AT&T on its support page.
Valuable Lessons for Business Executives from the AT&T Breach
A significant breach like this serves as a vital reminder for corporations to be mindful of potential risks from their external partners and supply chains. Organizational leaders should consider deploying security measures like endpoint detection and response or security information and event management, and have a structured recovery and backup strategy ready in the event of data theft.
TechRepublic has sought further details from AT&T.
About Author
