AT&T Data Breach Exposes Nearly All Customers' Call and Text Records

How AT&T customers can protect themselves in the latest data breach

If you were an AT&T cellphone customer in 2022, your call data was possibly breached to bad actors. AT&T said Friday that data was breached from "nearly all" of its cellular customers and the customers of wireless providers that used its network between May 1, 2022, and October 31, 2022. The records of a "very small number" of customers from January 2, 2023, were also breached, AT&T said. The company blamed an "illegal download" on a third-party cloud platform that it learned about in April -- just as AT&T was grappling with an unrelated major data leak. AT&T listed approximately 110 million wireless subscribers as of the end of 2022. Here's what that means for the millions of Americans that use AT&T's cellular service. What's at risk Hackers did not get any names, addresses or Social Security numbers. What they did get is metadata -- call logs that contain a record of every number AT&T customers called or texted (including customers of other wireless networks), the number of times they interacted and the call duration. A cybercriminal could now identify relationships among phone numbers, a useful data point for hackers trying to make their scams more believable. For example, a hacker could see that a customer is in constant contact with a big bank's line and could send a phishing attempt posing as the bank. The hacker could text the customer saying, "This is Bank of America. We have some suspicious activity on your account. Click this link to review the charges, or call this number," said John Dwyer, director of security research at Binary Defense, a cybersecurity solutions firm. Or the hacker could pose as someone the customer has a personal relationship with, like a friend or family member. The age of artificial intelligence makes this even more pressing, according to Collin Walke, cybersecurity and data privacy partner at Hall Estill. "Once they know who you've been communicating with, it allows deep fakes and those sorts of hacks to occur much easier," Walke said. Some customers' cell tower ID numbers were also exposed, which could help some bad actors track down geolocations, Walke said. That could also make these hacking attempts more believable. What customers should do Cellphone users should always be careful about phishing and other scam attempts, especially as hackers become more and more sophisticated. But AT&T customers should be hypersensitive to phone calls and text messages where they're being asked to do things like call a number, click a link or transfer money. That includes requests from what appears to be a number that you normally communicate with, Dwyer said. "If someone calls or texts you and asks you to do something, make sure you call them back to verify that it's actually them," Dwyer said. Of course, without stricter cybersecurity regulation, there isn't much customers can do to protect against data breaches. That responsibility lies with the federal government and giant telecom companies, which experts say widely go unchecked. "I don't think we should have an expectation that everyday Americans should be on the front lines of defending themselves for making sure the businesses they interact with have mandatory minimum cybersecurity in place," Eric Noonan, CEO of cybersecurity provider CyberSheath said. CNN's Matt Egan and Sean Lyngaas contributed to this report.

AT&T data breach: Call and text records of nearly all customers exposed

AT&T has confirmed a major data breach impacting a staggering number of its customers. The company revealed that criminals were able to illegally download files containing call and text records for "nearly all" of its cellular customers, mobile virtual network operator (MVNO) customers using AT&T's network, and even landline customers who interacted with those cellular numbers. Data breach and its cause The compromised data reportedly includes call detail records (CDRs), which could reveal the phone numbers involved in a call, the date and duration of the call, and potentially the location data associated with the call. Text message content itself is not believed to be part of the breach. The timeframe for the exposed data ranges from May 1, 2022, to October 31, 2022. According to AT&T, the hackers accessed the data through a third-party cloud platform where the company stores its customer information. While the investigation is ongoing, AT&T believes the attackers exploited a vulnerability on this platform. What the company said AT&T has assured customers that they are taking steps to address the breach and mitigate the risks. The company is working with law enforcement to investigate the incident and apprehend those involved. Additionally, AT&T is offering credit monitoring services to affected customers. "Protecting your data is one of our top priorities. We have confirmed the affected access point has been secured. We hold ourselves to a high standard and commit to delivering the experience that you deserve. We constantly evaluate and enhance our security to address changing cybersecurity threats and work to create a secure environment for you. We invest in our network's security using a broad array of resources including people, capital, and innovative technology advancements," said the company. The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk's news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.

Nearly all AT&T subscribers' call records stolen in Snowflake cloud hack

Six months of call and text records taken from AT&T workspace on cloud platform. AT&T today said a breach on a third-party cloud platform exposed the call and text records of nearly all its cellular customers. The leaked data is said to include phone numbers that AT&T subscribers communicated with, but not names. An AT&T spokesperson confirmed to Ars that the data was exposed in the recently reported attack on "AI data cloud" provider Snowflake, which also affected Ticketmaster and many other companies. As previously reported, Snowflake was compromised by a group that obtained login credentials through information-stealing malware. "In April, AT&T learned that customer data was illegally downloaded from our workspace on a third-party cloud platform," AT&T announced today. AT&T said it is working with law enforcement and "understands that at least one person has been apprehended." AT&T said it does not believe the stolen call data has been made publicly available. "The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months," AT&T said. Records of "nearly all" AT&T customers The data does not include the content of calls or text messages, AT&T said. "Based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T's cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T's wireless network, as well as AT&T's landline customers who interacted with those cellular numbers between May 1, 2022 - October 31, 2022. The compromised data also includes records from January 2, 2023, for a very small number of customers," AT&T said. The carrier said the breach does not include Social Security numbers, dates of birth, other personally identifiable information, or the time stamps for calls and texts. "While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number," an AT&T filing with the Securities and Exchange Commission said. AT&T's SEC filing said the "records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month. For a subset of records, one or more cell site identification number(s) are also included." AT&T said it has "clos[ed] off the point of unlawful access" and is notifying current and former customers of the breach. AT&T's current and former customers can obtain the data that was compromised, and details on how to make those data requests are available on this page. FBI and FCC comment The Federal Bureau of Investigation said AT&T and law enforcement agreed to delay public reporting of the incident when the investigation began in April. The FBI provided this statement to Ars: Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident. In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety. AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T's incident response work. The FBI declined to provide any information on the person who was apprehended. The Federal Communications Commission said it has "an ongoing investigation into the AT&T breach and we're coordinating with our law enforcement partners." An AT&T spokesperson told Ars that the Snowflake breach is unrelated to another recent leak involving the data of 73 million current and former subscribers.

AT&T reports significant cybersecurity breach By Investing.com

AT&T Inc. (NYSE:T) has disclosed a significant cybersecurity incident in which threat actors accessed and copied customer call logs from a third-party cloud platform. The breach, which AT&T became aware of on April 19, 2024, involved the exfiltration of files containing records of customer call and text interactions between May 1 and October 31, 2022, and on January 2, 2023. The company, in a statement today based on a SEC filing, confirmed that the compromised data does not include the content of the communications, personal details like Social Security numbers, or other personally identifiable information. However, the data does contain records of interactions, including the telephone numbers, counts of interactions, and aggregate call durations. Additionally, for some records, cell site identification numbers were included. AT&T has reported that the breach affected nearly all of its wireless customers and those of mobile virtual network operators using AT&T's network. While the data does not include customer names, the company acknowledged that public tools could potentially link telephone numbers to individual names. In response to the incident, AT&T has implemented additional cybersecurity measures and closed off the point of access used by the attackers. The company will notify current and former customers impacted by the breach. The U.S. Department of Justice had previously allowed AT&T to delay public disclosure of the incident for investigative reasons, with one individual reportedly apprehended in connection with the breach. As of the filing date, AT&T does not believe the data has been made publicly available and asserts that the incident has not materially impacted its operations or financial condition. The information for this report is based on a press release statement from AT&T. In other recent news, Ericsson (BS:ERICAs)'s second-quarter financial results showcased a smaller-than-expected 7% decline in revenue, reaching 59.9 billion Swedish crowns ($5.69 billion), surpassing analyst expectations. This was largely due to heightened demand in North America, where sales climbed by 14% following a significant contract with AT&T. Despite a loss in adjusted earnings before interest and taxes (EBIT) of 11.9 billion crowns, analysts from PP Foresight and Inderes responded favorably to Ericsson's performance. Scotiabank has increased its price target for AT&T shares to $23.00, maintaining its Sector Outperform rating due to strong growth in the company's mobility and consumer wireline businesses. The firm anticipates a modest 1.8% growth in adjusted EBITDA. Additionally, Deutsche Bank (ETR:DBKGn) has raised AT&T's stock target to $26.00, reflecting optimism over AI integration and the potential for increased wireless market share. The National Football League (NFL) faces a substantial payout of over $4.7 billion in damages to subscribers of its "Sunday Ticket" service, which has implications for AT&T, as DirecTV, a subsidiary of AT&T, was the former distributor of the service. Meanwhile, the Federal Communications Commission (FCC) Chair, Jessica Rosenworcel, has demanded strategies from major companies, including AT&T, to combat fraudulent political robocalls made using artificial intelligence. These are recent developments that investors may want to consider. In light of AT&T's recent cybersecurity incident, it's essential for investors to consider the company's financial health and market performance. According to real-time data from InvestingPro, AT&T boasts a substantial market capitalization of $135.23 billion, reflecting its significant presence in the telecommunications industry. With a P/E ratio of 13.01, the company presents a valuation that may interest value-focused investors, especially when considering the adjusted P/E ratio for the last twelve months as of Q1 2024 is an even more attractive 9.06. Additionally, AT&T's dividend yield stands at a robust 5.89%, a testament to its commitment to returning value to shareholders, as evidenced by its track record of maintaining dividend payments for 41 consecutive years. InvestingPro Tips highlight that AT&T has a perfect Piotroski Score of 9, indicating strong financial health, and the company's valuation implies a strong free cash flow yield, which may be appealing to investors seeking companies with solid financial fundamentals. Moreover, for those looking to delve deeper into AT&T's investment potential, there are additional InvestingPro Tips available, offering insights that could further inform investment decisions. To access these, investors can visit: https://www.investing.com/pro/T. Remember to use coupon code PRONEWS24 to get up to 10% off a yearly Pro and a yearly or biyearly Pro+ subscription.

AT&T Data Breach Fallout: Watch Out for Targeted Texts, Spoofed Calls

AT&T customers reeling from Friday's news of a massive theft of calling and texting records may now find themselves facing an onslaught of scam calls and texts targeted with that stolen data. The breach is described by AT&T as "phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023," taken from an AT&T workspace hosted by the cloud provider Snowflake. The risks go beyond the immediate privacy violation and whatever gut-punch feelings that might inflict. Those records don't include the content of any calls or texts, but that metadata -- which for some victims includes cell-site location data -- can still be enormously valuable on its own for what it can reveal about the significant relationships in somebody's life. That has long made phone metadata attractive to law-enforcement and national-security investigations; the National Security Agency collected it in bulk for years until Congress put a halt to the practice. But scammers can exploit it too. "The stolen call and messaging logs include details that allow an attacker to believably assume someone else's identity and trick a person into giving out sensitive information, handing over money, passwords, and more," Rachel Tobac, CEO and co-founder of San Francisco-based SocialProof Security, said via email. "When the criminal knows who you trust, they're able to leverage that trust to trick and harm folks while pretending to be that individual." For example, she explained, an attacker could combine that information with records bought from data brokers, then spoof Caller ID to call or text a target and perform a convincing impersonation of a friend or family member. In other words: less indiscriminate "pig butchering" and more targeted spear phishing. Spoofing somebody's number, despite all the effort put into authenticating calls, remains a trivial exercise. "Super easy," says Kinnaird McQuade, founder and chief technology officer of NightVision, a Bradenton, Florida, security-testing firm. "I have an app on my phone that does it." Combined with AI tools to clone people's voices, McQuade predicts that "it's going to be easier and easier for these scams to happen." 'Be Politely Paranoid' Noting that the Federal Communications Commission's site specifically warns about Caller ID spoofing, Stop Scams Alliance founder and CEO Ken Westbrook summed up the FCC's advice in an email as "don't trust Caller ID because it can be so easily spoofed." His Virginia-based nonprofit supports stricter laws and regulations governing spoofing -- for example, to require blocking calls from other countries that spoof a US number. AT&T's customer-support page about the breach advises ignoring texts from unknown senders and staying "cautious of any phone call or text request asking you for personal, account, or credit card details," but a company rep says it recognizes spoofed numbers as a serious risk too. "We are urging customers to be mindful that Caller IDs can be manipulated and spoofed," spokeswoman Kim Hart wrote in an email that linked to the company's posted advice about avoiding frauds and scams. "Be politely paranoid," Tobac advises. "If the caller/texter makes a sensitive request like asking for money, passwords, sensitive private info/photos, etc. it's important to realize that we need to verify that person is who they say they are before taking any action." She and McQuade say the simplest form of verification is simply hanging up and calling back, because Caller ID spoofing doesn't intercept calls to the actual number. "It's way easier to say, hey, I'm going to call you back," he says. McQuade counsels against a common suggestion of negotiating code words with family members that they're supposed to say on a call to confirm everybody's identity: "If I had a different code word for each person in my family and my wife's family -- we have a huge family -- I couldn't possibly remember all of those things." Tobac also suggests using an alternate and more secure communication channel, such as the Signal encrypted messaging app or email, to verify a call or a text from somebody purporting to be somebody you know. Whatever you do to watch out for impostors in your calls and texts, the underlying problem here -- inadequate or absent federal laws and regulations about digital privacy that leave many companies insulated from consequences -- isn't going away. And in the meantime, subscribers to other wireless carriers should not think their choice of service insulates them from these risks, even if AT&T's breach is somehow the last. "We all call AT&T people too," says McQuade. "Our phone numbers are all in there."

A massive AT&T hack exposed 'nearly all' customers' phone numbers and call logs

UBS is downgrading Tesla because the stock has risen 'too much, too soon' thanks to its AI ambitions The telecom giant reported that records of calls and texts between May and October of 2022 were illegally downloaded by "threat actors." AT&T said it learned of the issue in April and has been working with cybersecurity experts to "understand the nature and scope of the criminal activity." The company also said that only telephone numbers and cell site IDs were obtained by hackers -- not other sensitive data, such as the content of texts, Social Security numbers and birth dates. AT&T didn't guarantee that the hackers wouldn't be able to find your name, though. "We are working with law enforcement in its efforts to arrest those involved in the incident," the company said in a statement Friday. "We understand that at least one person has been apprehended." AT&T subtly (or not so subtly) pointed out that a third-party cloud provider was compromised -- not AT&T's in-house servers. The telecom company said bad actors were able to access the data via its workspace on a separate cloud platform. Bloomberg reported that the platform in question is Snowflake. "[T]his incident has not had a material impact on AT&T's operations, and AT&T does not believe that this incident is reasonably likely to materially impact AT&T's financial condition or results of operations," AT&T said in an SEC filing. 6: Number of months in 2022 for which hackers have almost all AT&T customer call logs

Almost All of AT&T's Wireless Customers Hacked as Snowflake Breach Snowballs

The interconnected global operating landscape has never held more opportunity for businesses. Or more threats. Gaining a deeper understanding of the threat landscape and the top tactics, techniques and procedures (TTPs) of ransomware gangs is increasingly crucial for firms. News broke Friday (July 12) that a fraudster "unlawfully accessed and copied AT&T call logs" impacting "nearly all of AT&T's wireless customers and customers of mobile virtual network operators ... using AT&T's wireless network." AT&T counts nearly 90 million cellphone subscribers, and that is before including in the total the third-party reseller brands that use its network. The data obtained by the cybercriminals included records of calls and texts and is believed to have stemmed from an earlier data breach on cloud storage and data warehousing vendor Snowflake. The company indicated that, so far, the data has not surfaced for sale on the dark web, unlike other caches of information related to the Snowflake attack. The incident follows a separate revelation Wednesday (July 10) that as a result of the same Snowflake data breach, the criminal theft of customer data from Advance Auto Parts has impacted over 2.3 million individuals. The Advance Auto Parts' customer data that was stolen potentially includes names, dates of birth, Social Security numbers, and driver's license or other ID document numbers, and it underscores the fact that Snowflake's breach may be snowballing into one of the largest data attacks by surface area undertaken by a ransomware gang. Read also: Firms Look to Mitigate Consequences From Data Breaches Ransomware gangs often begin their attack by gaining initial access through various means such as exploiting vulnerabilities in public-facing applications or using phishing emails to deceive employees into installing malware. Once inside the network, they employ techniques like credential dumping and lateral movement to navigate through the system and identify valuable data. Mike Storiale, vice president of innovation development at Synchrony, told PYMNTS in February that the new operation reality is that "identity theft, phishing and data breaches have all become more prevalent." Cybercriminals employ sophisticated techniques to infiltrate systems, encrypt files and demand ransoms for the decryption keys. Understanding their modus operandi is the first step in defending against these malicious attacks. Proactive measures, employee education and security protocols are essential in mitigating the risk and impact of security breaches. "The barrier for entry has never been lower for threat actors," Sunil Mallik, chief information security officer at Discover® Global Network, told PYMNTS this month, noting that the cost of computing power has decreased dramatically over the past decade, making it easier for criminals to access powerful tools and launch sophisticated attacks. "It's a combination of defenses at the human layer, controls at the network layer, application layer and business process layer," Mallik added. "This is complemented by continuous monitoring of the external threat environment." See also: 2024 Is Already the Year of the Cyberattack As the threat landscape continues to evolve, so too must the strategies employed to combat these malicious actors. "Everyone has been dealing with cybersecurity for a long time," XiFin Chief Financial Officer Erik Sallee told PYMNTS in June. "There's no way around it other than blocking and tackling, doing the right thing every day keeping all your systems up to date, making sure you're working with good vendors and investing in it. It's a cost-avoidance type of investment, but it's one you have to understand, and you can't short shrift it." To protect against ransomware attacks, organizations are advised to adopt a multilayered security approach. This includes regular software updates, employee training on phishing awareness, robust data backup strategies, and the deployment of advanced security solutions capable of detecting and mitigating ransomware threats. "It is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity," Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS in February. "What's different now is that both sides are armed with some really impressive technology." "On the automated side, it's all about data," he added. "It's all about organizing and connecting your data together, understanding the signals that you have so you can build a richer context and make better decisions. But you've got to have that information there, and you've got to connect it together. That's step one."

AT&T And Snowflake Stocks Slide On Friday - What's Going On - AT&T (NYSE:T), Snowflake (NYSE:SNOW)

The breach involved AT&T call logs accessed via Snowflake, impacting 110 million customers. AT&T Inc T and Snowflake Inc SNOW stocks are trading lower Friday after AT&T disclosed a fresh data breach that allowed cybercriminals to steal the phone records of "nearly all" customers. A separate TechCrunch report claimed that the hackers stole records from the cloud data giant Snowflake during data thefts targeting Snowflake's customers. On April 19, 2024, AT&T discovered a threat actor who claimed to have unlawfully accessed and copied AT&T call logs. The investigation revealed that between April 14 and April 25, 2024, threat actors accessed an AT&T workspace on a third-party cloud platform and exfiltrated files containing customer call and text interaction records from May 1 to October 31, 2022, and January 2, 2023. The breach also affected customers of other cell carriers using AT&T's network. While the stolen data does not contain call or text content, it includes metadata like the total count of calls, texts, and call durations, TechCrunch said. Some records have cell site identification numbers, which can approximate the location of calls and texts. AT&T spokesperson Andrea Huguely told TechCrunch that the company plans to notify approximately 110 million customers about the breach. Huguely told TechCrunch that the stolen records were taken from Snowflake. The U.S. Department of Justice allowed a delay in public disclosure on May 9 and June 5, 2024, determining it was warranted. Cybersecurity firm Mandiant, called in by Snowflake, reported that about 165 customers had significant volumes of data stolen, TechCrunch said. The breach is attributed to a financially motivated cybercriminal group, UNC5537, with members in North America and Turkey. AT&T stated it does not believe the stolen data is publicly available and is working with law enforcement to apprehend those responsible. The company confirmed that one person, though not an AT&T employee, has been arrested in connection with the breach. As of this filing, AT&T does not believe that the incident will materially impact its operations or financial condition. This marks the second security incident for AT&T this year. Price Actions: T shares traded lower by 2.76% at $18.34 premarket at the last check on Friday. SNOW is down 4.16% at $132.60. Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors. Photo courtesy: Pixabay Market News and Data brought to you by Benzinga APIs