Thread regarding AT&T layoffs

Nearly all AT&T cell customers’ call and text records exposed in a massive breach

CNN

The call and text message records of tens of millions of AT&T cellphone customers in mid-to-late 2022 were exposed in a massive data breach, the telecom company revealed Friday.

AT&T blamed an “illegal download” on a third-party cloud platform that it learned about in April – just as the company was grappling with an unrelated major data leak.

AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022. The stolen logs also contain a record of every number AT&T customers called or texted – including customers of other wireless networks – the number of times they interacted and the call duration.

The records of a “very small number” of customers on January 2, 2023 were also implicated, AT&T said. The content of the calls and texts were not exposed, according to the company.

AT&T listed approximately 110 million wireless subscribers as of the end of 2022.

The breach also included AT&T landline customers who interacted with those cell numbers.

AT&T said customer names were not exposed in this incident, however the company acknowledged that publicly available tools can often link names with specific phone numbers.

Additionally, AT&T said that for an undisclosed subset of its records, one or more cell site identification numbers linked to the calls and texts were also exposed. Such data could reveal the broad geographic location of one or more of the parties.

“At this time, we do not believe that the data is publicly available,” AT&T said in a statement. “We sincerely regret this incident occurred and remain committed to protecting the information in our care.”

AT&T promised to notify current and former customers whose information was involved and provide them resources to protect their information.

Although the breach exposed phone and text records, AT&T said it does not contain the contents of the calls or texts, nor does it contain personal information such as Social Security numbers, dates of birth or other personally identifiable information.

Usage details such as the time of calls and text messages were not compromised either.

AT&T said it learned on April 19 that a “threat actor claimed to have unlawfully accessed and copied AT&T call logs.” The company said it “immediately” hired experts and a subsequent investigation determined hackers and exfiltrated files between April 14 and April 25.

The company said the US Department of Justice Department determined in May and in June that a delay in public disclosure was warranted. It’s not clear why that the US government requested that data be delayed. CNN has reached out to the Justice Department for comment.

AT&T spokesperson Alex Byers told CNN that this new incident has “no connection in any way” to an incident disclosed in March. At that time, AT&T said personal information such as Social Security numbers on 73 million current and former customers was released onto the dark web.

In the new incident, AT&T told CNN it learned in April that customer data was illegally downloaded from its workspace on Snowflake, a third-party cloud platform. CNN reached out to Snowflake for comment.

AT&T said it launched an investigation, hired cybersecurity experts and took steps to close the “illegal access point.”

The company said it’s cooperating with law enforcement’s efforts to apprehend those responsible and understands at least one person has already been arrested

https://www.cnn.com/2024/07/12/business/att-customers-massive-breach/index.html

by
| 1532 views | | 40 replies (last July 13, 2024) | Reply
Post ID: @OP+1tt4C4Op

There are no replies in this thread yet. Be the first to post a reply below:

Post a reply

: