AT&T has suffered a major data breach affecting “nearly all” of its cellular customers. Hackers broke into its system and stole records of calls and texts its mobile users made between May and October 2022. The stolen data also included those records from customers of mobile virtual network operators (MVNOs) that used AT&T’s network during that period, as well as AT&T landline customers who interacted with the exposed cellular numbers.
AT&T reports a data breach that exposed call and text records of its customers
Earlier this year, AT&T reluctantly admitted a 2021 data breach affecting 73 million customers. The massive breach exposed personal information, including names, addresses, phone numbers, email IDs, Social Security numbers, and dates of birth, of its users. The firm admitted the leak after a hacker tried selling the stolen data. If it wasn’t already a blow to its reputation, AT&T has suffered another major breach, putting more question marks on its security measures.
The cellular giant detected the latest data breach in April 2024 and publicly disclosed it in a regulatory filing early Friday. According to AT&T, a hacker gained unauthorized access to a workspace on a third-party cloud platform it uses and illegally downloaded customers’ call and text records. A company spokesperson told Bloomberg that the compromised cloud platform was Snowflake, a Montana-based cloud computing and data cloud provider.
While the stolen data doesn’t include the contents or time of the calls and messages, it is still one of the biggest breaches of private communications. AT&T also confirmed that the hacker didn’t obtain personal information such as names, Social Security numbers, or dates of birth. Unfortunately, many online tools can link a phone number to people’s identities. As such, this is a massive security threat to people who used AT&T’s wireless services during the specified period.
Well, not just AT&T mobile customers, but also those who used wireless services of MVNOs relying on its network. Boost Mobile, Boost Infinite, Cricket Wireless, TracFone, Black Wireless, FreeUp Mobile, H2O Wireless, Good2Go Mobile, Consumer Cellular, Jolt Mobile, Patriot Mobile, PureTalk, Naked Mobile, Allvoi, FreedomPop, Red Pocket, Straight Talk, Unreal Mobile, and Wing are among the MVNOs that have used AT&T wireless networks in recent years.
AT&T Landline users are also affected
While the breach primarily affected mobile users who made a call or sent a text message over AT&T networks between May and October 2022, the firm said the hacker also stole those records from January 2, 2023, for a “very small” number of customers. Additionally, all AT&T landline users who interacted with phone numbers leaked in this breach during the specified period are affected. The firm says the latest leak doesn’t have any connection with the previous leak.
AT&T has already closed off the illegal access point and is working with cybersecurity experts for further steps. The firm is also in contact with law enforcement and believes that the FBI has apprehended at least one person involved in the breach. There is no evidence that the hacker has publicly exposed the stolen information. AT&T didn’t specify if there has been any abuse of the compromised data. If you were an AT&T customer between 2022 and 2023, stay vigilant. You might want to be cautious about calls and messages from unknown numbers.
2024-07-12 15:05:20