Just about all call and SMS data of AT&T mobile customers exposed in massive data theft

By Matt Egan and Sean Lyngaas | CNN

The call and text message records from mid- to late 2022 of tens of thousands and thousands of AT&T wireless customers and many non-AT&T customers were exposed in a massive data breach, the telecommunications company announced Friday.

AT&T said the compromised data included the phone numbers of “nearly all” of its wireless customers and wireless carrier customers who used its network between May 1, 2022, and October 31, 2022.

The stolen logs also include a record of all numbers AT&T customers called or texted, including customers on other wireless networks, the number of interactions and the duration of the calls.

Importantly, according to AT&T, the stolen data didn’t include the content of calls and text messages, nor the timing of those communications.

AT&T said the information of a “very small number” of customers from January 2, 2023, was also affected.

“We are currently investigating the AT&T data leak and coordinating with our law enforcement partners,” the FCC said on the social media platform X.

The company blamed an “illegal download” on a third-party cloud platform that the company learned about in April – just as the company was dealing with an unrelated major data leak.

AT&T says the exposed data is probably not publicly available, but CNN couldn’t independently confirm this claim.

AT&T spokesman Alex Byers told CNN that this was an entirely new incident that was “in no way related” to a different incident that came to light in March, when AT&T said personal information, such as social security numbers, of 73 million current and former customers had been published on the dark web.

“We sincerely regret this incident and remain committed to protecting the information entrusted to us,” the company said in a statement about the latest data leak.

AT&T reported about 110 million wireless subscribers at the top of 2022. AT&T said international calls weren’t included in the stolen data, except for calls to Canada.

The breach also affected AT&T landline customers who interacted with these cell phone numbers.

AT&T said that the incident didn’t reveal the content of the calls or texts, nor did it reveal any personal information such as social security numbers, dates of birth or customer names. However, the company acknowledged that publicly available tools can often link names to specific phone numbers.

In addition, AT&T said that for an unspecified portion of the records, some wireless identification numbers related to the calls and text messages were also exposed. Such data could reveal the approximate geographic location of some of the participants.

AT&T promised to notify current and former customers whose data was affected and provide them with resources to protect their data.

Usage details such as the duration of calls and text messages were also not compromised. However, AT&T spokesman Byers told CNN that the number of calls and text messages, as well as the total duration of calls for specific days or months, were exposed.

This implies that while the information wouldn’t indicate exactly when one phone number called another, it could provide details about how often two parties called one another on certain days – and how long they spoke for.

AT&T said it learned on April 19 that a “threat actor claimed to have unlawfully accessed and copied AT&T's call logs.” The company said it “immediately” engaged experts and a subsequent investigation found that hackers exfiltrated files between April 14 and April 25.

Department of Justice delays public announcement

“In assessing the nature of the breach, all parties discussed a potential delay in public reporting … due to potential risks to national security and/or public safety,” the FBI said in an announcement. “AT&T, FBI, and DOJ worked together throughout the first and second delay processes while sharing key threat intelligence to bolster FBI investigative resources and support AT&T's incident response work.”

“This is very worrying. This information is very valuable to cybercriminals and nation states,” Sanaz Yashar, co-founder and CEO of cybersecurity firm Zafran, told CNN.

Yashar, a former Israeli cyber spy, said threat actors can correlate cell ID data with other available information to find out exactly where someone is working – including in sensitive locations such as the White House and the Pentagon.

“You don't need the timestamp. If someone is there every day, you can see how they work there and what their routine is. This is top secret information and a method that spies use to do things.”

AT&T shares fell 1% on Friday after the news was released.

Regarding the new incident, AT&T told CNN that the company learned in April that customer data had been illegally downloaded from its workspace on Snowflake, a third-party cloud platform.

Brad Jones, chief information security officer at Snowflake, told CNN in a separate statement that the company found no evidence that this activity “was caused by a vulnerability, misconfiguration or security breach on the Snowflake platform.” Jones said this was confirmed by investigations by third-party cybersecurity experts at Mandiant and CrowdStrike.

AT&T said the company has launched an investigation, hired cybersecurity experts and taken steps to shut down the “illegal access point.”

The company said it was assisting law enforcement in apprehending those responsible and that it was aware that at least one person had already been arrested.

The-CNN-Wire
™ & © 2024 Cable News Network, Inc., a Warner Bros. Discovery company. All rights reserved.
