Connect with us

Tech News

AT&T loses ‘nearly all’ phone records in Snowflake breach

Published

on

AT&T loses ‘nearly all’ phone records in Snowflake breach

AT&T, one of the largest and oldest telecoms and mobile network operators in the United States, has experienced a significant data breach. The breach resulted in the loss of phone records of nearly all its customers for a six-month period in 2022. This breach is part of a larger series of breaches affecting customers of cloud data specialist Snowflake.

Upon discovering the incident on 19 April 2024, AT&T activated its cyber incident response process. The company believes that threat actors gained unauthorized access to an AT&T workspace on a third-party cloud platform and exfiltrated files containing customer call and text records from May to October 2022, as well as January 2023. The data compromised does not include personal information such as social security numbers or dates of birth.

The stolen data includes records of calls and texts for almost all of AT&T’s wireless customers and customers of mobile virtual network operators using AT&T’s network. While the data does not contain customer names, it does identify telephone numbers and interactions. AT&T is taking steps to inform affected customers and provide guidance on protecting themselves from potential follow-on attacks.

AT&T’s breach is linked to a breach of its Snowflake environment, joining over 160 other Snowflake customers who have been breached by a cyber criminal group known as UNC5537. The breaches are attributed to a lack of security hygiene, with evidence of malware on third-party contractor systems used to access compromised IT systems.

Snowflake has implemented new policies to enhance security, including prompting users to enable multi-factor authentication (MFA) and monitoring compliance with network policies. MFA is considered a crucial security measure, especially in the face of increasing cyber threats like credential stuffing attacks.

See also  Lawyers and journalists seeking ‘payback’ over police phone surveillance, claims former detective

Trending