AT&T revealed Friday morning {that a} cybersecurity assault had uncovered name information and texts from “practically all” of the provider’s mobile clients (together with folks on cell digital community operators, or MVNOs, that use AT&T’s community, like Cricket, Enhance Cellular, and Shopper Mobile). The breach happened throughout the interval between Could 1st, 2022, and October thirty first, 2022, along with an incident that impacted a “very small quantity” of consumers on January 2nd, 2023.
AT&T spokesperson Alex Byers confirmed to The Verge the menace actor accessed the knowledge by the corporate’s account on a third-party cloud platform, Snowflake, just like knowledge breaches which have affected Ticketmaster and Santander Financial institution. AT&T first discovered of the breach in April, however as reported by TechCrunch, an FBI spokesperson confirmed “AT&T, the FBI and the Division of Justice agreed to delay notifying the general public and clients on two events, citing ‘potential dangers to nationwide safety and/or public security.’”
The stolen knowledge contains which cellphone numbers clients interacted with, and Byers tells The Verge that the breach additionally contains “counts of these calls/texts and whole name durations for particular days or months.”
The downloaded knowledge doesn’t embrace the content material of any calls or texts. It doesn’t have the time stamps for the calls or texts. It additionally doesn’t have any particulars akin to Social Safety numbers, dates of beginning, or different personally identifiable data.
Whereas the info doesn’t embrace buyer names, there are sometimes methods to discover a title related to a cellphone quantity utilizing publicly accessible on-line instruments.
In a weblog publish, AT&T stated “we don’t imagine that the info is publicly accessible” and that it has “taken steps to shut off the unlawful entry level.” The corporate is working with regulation enforcement to “arrest these concerned” and says one particular person has already been apprehended.
“We are going to present discover to present and former clients whose data was concerned together with sources to assist shield their data,” AT&T writes. “We sincerely remorse this incident occurred and stay dedicated to defending the knowledge in our care.”