AT&T breach leaked call and text records from ‘nearly all’ wireless customers

AT&T revealed Friday morning that a cybersecurity attack had exposed call records and texts from “nearly all” of the carrier’s cellular customers (including people on MVNOs that use AT&T’s network, like Cricket, Boost Mobile, and Consumer Cellular) during the period between May 1st, 2022, and October 31st, 2022, as well as a “very small number” of customers on January 2nd, 2023.

AT&T spokesperson Alex Byers confirmed to The Verge the threat actor accessed the information through the company’s account on a third-party cloud platform, Snowflake, similar to data breaches that have affected Ticketmaster and Santander Bank. AT&T first learned of the breach in April, but as reported by TechCrunch, an FBI spokesperson confirmed “AT&T, the FBI and the Department of Justice agreed to delay notifying the public and customers on two occasions, citing ‘potential risks to national security and/or public safety.’”

The stolen data includes which phone numbers customers interacted with, and Byers tells The Verge that the breach also includes “counts of those calls/texts and total call durations for specific days or months.”

The downloaded data doesn’t include the content of any calls or texts. It doesn’t have the time stamps for the calls or texts. It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

While the data doesn’t include customer names, there are often ways to find a name associated with a phone number using publicly available online tools.

In a blog post, AT&T said “we do not believe that the data is publicly available” and that it has “taken steps to close off the illegal access point.” The company is working with law enforcement to “arrest those involved” and says one person has already been apprehended.

“We will provide notice to current and former customers whose information was involved along with resources to help protect their information,” AT&T writes. “We sincerely regret this incident occurred and remain committed to protecting the information in our care.”

FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! Secular Times is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – seculartimes.com. The content will be deleted within 24 hours.

Leave a Comment