11th Jul 2024
Author: Samir Yawar

AT&T Data Breach leaks call logs of 109 million customers


AT&T has disclosed a significant data breach involving the theft of call logs for approximately 109 million customers. The breach occurred through an online database on the company's Snowflake account.

The company confirmed that the data was stolen between April 14 and April 25, 2024. The compromised data includes call and text records from nearly all AT&T mobile clients and customers of mobile virtual network operators (MVNOs), covering the period from May 1 to October 31, 2022, as well as January 2, 2023.

AT&T Data Breach details



The stolen data encompasses:

  • Telephone numbers of AT&T wireline customers and customers of other carriers.

  • Telephone numbers with which AT&T or MVNO wireless numbers interacted.

  • Count of interactions (e.g., the number of calls or texts).

  • Aggregate call duration for a day or month.

  • For a subset of records, one or more cell site identification numbers.

Notably, the exposed records did not include the content of calls or texts, customer names, Social Security numbers, dates of birth, or other personal information.

While the logs do not contain sensitive information that directly exposes customer identities, the communications metadata can be cross-referenced with publicly available information to infer identities in many cases.

What is AT&T doing to contain the cybersecurity breach?

Upon discovering the breach, AT&T collaborated with cybersecurity experts and informed law enforcement. The US Department of Justice twice granted AT&T permission to delay public notification, on May 9, 2024, and June 5, 2024, citing potential risks to national security and public safety.

The FBI stated,

"Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident. In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety."

AT&T is working with law enforcement to apprehend those involved, and at least one individual has already been detained. The company has implemented enhanced cybersecurity measures to prevent future unauthorized access and plans to notify current and former customers impacted by the breach soon.

AT&T confirmed that the data was stolen from its account with Snowflake, a cloud-based database provider used for data warehousing and analytics. This breach is part of a recent wave of data theft attacks involving compromised credentials. Previously, Ticketmaster also had its data stolen from its Snowflake account.

What should AT&T customers do?

Customers can visit the provided FAQ page to check if their phone number's data was exposed and download the stolen data associated with their number.

As of now, AT&T reports no evidence that the accessed data has been publicly disseminated. The company also clarified that this incident is unrelated to the 2021 data breach that affected 51 million customers.

Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir