AT&T Admits that Data of “Nearly All” Customers Was Breached in 2022

Written by

Geoff Halstead

Published on

July 13, 2024

Reading time

2 min.

The New York Times reported today that AT&T disclosed a significant data breach affecting nearly all of its customers. The breach occurred between April 14 and April 25, 2024, when threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform. The stolen data included records of customer call and text interactions from May 1, 2022, to October 31, 2022, and on January 2, 2023. This data included telephone numbers, counts of interactions, and aggregate call durations, potentially allowing the threat actors to triangulate customer locations. AT&T has alerted current and former customers and is working with law enforcement to apprehend the perpetrators, with at least one individual already captured.

The breach was part of a larger cyber campaign targeting Snowflake, a cloud service provider, which has impacted multiple companies, including Ticketmaster, Santander, Neiman Marcus, and LendingTree. The hackers behind the Snowflake data thefts demanded payments ranging from $300,000 to $5 million in exchange for the stolen data. AT&T emphasized that the accessed information does not include the content of calls or texts and does not include personal information such as Social Security numbers or dates of birth. The company is urging customers to be cautious of phishing and smishing attempts and to only open text messages from trusted senders.

Faction’s Take

This is not ‘News’, but rather an update on what was reported earlier. It does include an admission by AT&T of a much broader set of data that was compromised. This is par for the course and generally a deliberate PR strategy – initial disclosures are almost always partial – and then over time the true extent of breaches are dripped out.

The problem here is not AT&T per se. Gathering and managing vast “lakes’ of customer data – whether PII or their activity – is a necessary part of managing any type of large scale consumer service. These breaches are extremely costly and damaging to the reputation of the company which is attacked – yet they continue to happen over and over. Why is that?

At Faction, we see and speak to what is clear and obvious to anyone can see with their own eyes, and what any industry insider will admit privately: what we are doing in cybersecurity is not working! It is based on a ‘good enough’ approach and a fundamentally flawed foundation that simply cannot match the challenges we face. The attackers have all the advantages, and AI, IOT and the new age of cyberwarfare and cyber terrorism that is upon us is going to make not just obvious, but painful to just about everyone.

Read More on The NY Times:

More reading:

Related posts

NSA Report Details the Extent and Effectiveness of PRC Exploitation of the Internet

Reading Time: 2 min.

The NSA release this week a comprehensive report with explicit details of the extent of the activity and ‘Tradecraft” of…

Read more

Chrome Browser Revealed to Secretly Spy on PCs

Reading Time: 1 min.

Luca Casonato 🏳️‍🌈 on Twitter / X Developer Luca Casonato posted a series of tweets on July 9. He revealed…

Read more
Data Breach

125 Million User Records and 19 Million Passwords Leaked in Firebase Vulnerability

Reading Time: 1 min.

Breaking news: the cloud is (really) not secure Three cybersecurity researchers (Logykk, xyzeva/Eva, and MrBruh) recently uncovered a significant security breach involving…

Read more

AT&T Admits that Data of “Nearly All” Customers Was Breached in 2022

The New York Times reported today that AT&T disclosed a significant data breach affecting nearly all of its customers. The breach occurred between April 14 and April 25, 2024, when threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform. The stolen data included records of customer call…

Reading Time: 2 min.

The New York Times reported today that AT&T disclosed a significant data breach affecting nearly all of its customers. The breach occurred between April 14 and April 25, 2024, when threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform. The stolen data included records of customer call and text interactions from May 1, 2022, to October 31, 2022, and on January 2, 2023. This data included telephone numbers, counts of interactions, and aggregate call durations, potentially allowing the threat actors to triangulate customer locations. AT&T has alerted current and former customers and is working with law enforcement to apprehend the perpetrators, with at least one individual already captured.

The breach was part of a larger cyber campaign targeting Snowflake, a cloud service provider, which has impacted multiple companies, including Ticketmaster, Santander, Neiman Marcus, and LendingTree. The hackers behind the Snowflake data thefts demanded payments ranging from $300,000 to $5 million in exchange for the stolen data. AT&T emphasized that the accessed information does not include the content of calls or texts and does not include personal information such as Social Security numbers or dates of birth. The company is urging customers to be cautious of phishing and smishing attempts and to only open text messages from trusted senders.

Faction’s Take

This is not ‘News’, but rather an update on what was reported earlier. It does include an admission by AT&T of a much broader set of data that was compromised. This is par for the course and generally a deliberate PR strategy – initial disclosures are almost always partial – and then over time the true extent of breaches are dripped out.

The problem here is not AT&T per se. Gathering and managing vast “lakes’ of customer data – whether PII or their activity – is a necessary part of managing any type of large scale consumer service. These breaches are extremely costly and damaging to the reputation of the company which is attacked – yet they continue to happen over and over. Why is that?

At Faction, we see and speak to what is clear and obvious to anyone can see with their own eyes, and what any industry insider will admit privately: what we are doing in cybersecurity is not working! It is based on a ‘good enough’ approach and a fundamentally flawed foundation that simply cannot match the challenges we face. The attackers have all the advantages, and AI, IOT and the new age of cyberwarfare and cyber terrorism that is upon us is going to make not just obvious, but painful to just about everyone.

Read More on The NY Times:

More reading:

If you liked this post, Share it on: