AT&T has disclosed a significant data breach involving the theft of call logs for approximately 109 million customers. The breach occurred through an online database on the company's Snowflake account.
The company confirmed that the data was stolen between April 14 and April 25, 2024. The compromised data includes call and text records from nearly all AT&T mobile customers and customers of mobile virtual network operators (MVNOs), covering the period from May 1 to October 31, 2022, as well as January 2, 2023.
The stolen data encompasses:
Telephone numbers of AT&T wireline customers and customers of other carriers.
Telephone numbers with which AT&T or MVNO wireless numbers interacted.
Count of interactions (e.g., the number of calls or texts).
Aggregate call duration for a day or month.
For a subset of records, one or more cell site identification numbers.
Notably, the exposed records did not include the content of calls or texts, customer names, Social Security numbers, dates of birth, or other personal information.
While the logs do not contain sensitive information that directly exposes customer identities, the communications metadata can be cross-referenced with publicly available information to infer identities in many cases.
Upon discovering the breach, AT&T collaborated with cybersecurity experts and informed law enforcement. The US Department of Justice twice granted AT&T permission to delay public notification, on May 9, 2024, and June 5, 2024, citing potential risks to national security and public safety.
The FBI stated,
AT&T is working with law enforcement to apprehend those involved, and at least one individual has already been detained. The company has implemented enhanced cybersecurity measures to prevent future unauthorized access and plans to notify current and former customers impacted by the breach soon.
AT&T confirmed that the data was stolen from its account with Snowflake, a cloud-based database provider used for data warehousing and analytics. This breach is part of a recent wave of data theft attacks involving compromised credentials. Previously, Ticketmaster also had its data stolen from its Snowflake account.
Customers can visit the provided FAQ page to check if their phone number's data was exposed and download the stolen data associated with their number.
As of now, AT&T reports no evidence that the accessed data has been publicly disseminated. The company also clarified that this incident is unrelated to the 2021 data breach that affected 51 million customers.