Skip to main content
Partly Cloudy icon
54º

Data of nearly all AT&T customers downloaded from a third-party platform in security breach

The data of nearly all customers of the telecommunications giant AT&T was downloaded from a third-party platform in a security breach, the company said Friday, as cyberattacks against businesses, schools and health systems continue to spread globally.

The breach, which took place in April of this year but mostly involved data from 2022, hit AT&T's cellular customers and customers of mobile virtual network operators using AT&T’s wireless network, as well as landline customers who interacted with those cellular numbers.

Approximately 109 million customer accounts were impacted, according to AT&T, which said that it currently doesn’t believe that the data is publicly available.

“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” AT&T said Friday.

The compromised data also doesn’t include some information typically seen in usage details, such as the time stamp of calls or texts, the company said, or customer names. AT&T, however, said that there are often ways of using publicly available online tools to find the name associated with a specific telephone number.

Cybersecurity experts concurred, saying that such data can be used to trace users.

“While the information that was exposed doesn’t directly have sensitive information, it can be used to piece together events and who may be calling who. This could impact people’s private lives as private calls and connections could be exposed," Thomas Richards, principal consultant at Synopsys Software Integrity Group, said in an emailed statement. “The business phone numbers will be easy to identify and private numbers can be matched to names with public record searches.”

An internal investigation determined that compromised data includes AT&T records of calls and texts between May 1, 2022 and Oct. 31, 2022.

AT&T identified the third-party platform as Snowflake and said that the incident was limited to an AT&T workspace on that cloud company's platform and did not impact its network.

Cybersecurity experts say the sheer volume of data held by companies on cloud platforms can create its own perils.

“The AT&T data breach underscores the growing risks associated with the vast amounts of data companies now store on cloud and SaaS platforms," said Roei Sherman, Field Chief Technology Officer at Mitiga, a threat detection and investigation company that focuses on cloud technology. “As organizations increasingly rely on these technologies, the complexity of detecting and investigating breaches has risen sharply.”

AT&T's investigation is ongoing and it has engaged with cybersecurity experts to understand the nature and scope of the criminal breach. At least one person has been apprehended so far, according to the company.

Compromised data also includes records from Jan. 2, 2023, for a very small number of customers. The records identify the telephone numbers an AT&T or MVNO cellular number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions are also included.

The Federal Bureau of Investigation said that it has worked collaboratively with AT&T and the Justice Department “through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

The Department of Justice said Friday that it became aware of the breach early this year, but that it met the security standard for a delayed filing by AT&T with the U.S. Securities & Exchange Commission, a filing that was made public Friday.

The DOJ said an earlier disclosure of the breach would “pose a substantial risk to national security and public safety.”

The Federal Communications Commission is also investigating.

The year has already been marked by several major data breaches, including an earlier attack on AT&T. In March AT&T said that a dataset found on the “dark web” contained information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.

Some auto dealerships are still using pens and paper to close deals after back-to-back cyberattacks last month on a company that supplies them with software. That company, CDK Global, is still attempting to reestablish normal operations.

Alabama’s education superintendent said earlier this month that some data was “breached” during a hacking attempt at the Alabama State Department of Education.

Cybersecurity experts are warning that hospital systems around the country, which have already been targeted, are at risk for more attacks and that the U.S. government is doing too little to prevent breaches.

AT&T customers can visit att.com/DataIncident for more information.

Shares of AT&T Inc., based in Dallas, fell slightly on Friday.

___

This story was first published on July 12, 2024. It was updated on July 13, 2024, to correct when the breach occurred and where the data came from. The data was mostly from 2022, but the breach occurred in April 2024. The data was downloaded from a third-party platform, not to a third-party platform.