In a significant security breach reported on Friday, U.S. telecommunications giant AT&T revealed that data from nearly all its customers was compromised. The breach, which occurred in April this year, involved the downloading of customer information from a third-party platform, Snowflake.
Approximately 109 million customer accounts were affected, including cellular customers, users of mobile virtual network operators relying on AT&T's wireless network, and landline customers associated with those cellular numbers. AT&T stated that the leaked data does not include certain usage details such as timestamps of calls or texts, nor does it contain customer names.
However, the company cautioned that online tools could potentially be used to link telephone numbers to individuals. An internal investigation revealed that the compromised data encompassed records of calls and texts between May 1 and October 31, 2022, with a few additional records from January 2, 2023.
AT&T clarified that the breach was confined to its workspace on Snowflake's cloud platform and did not affect its broader network infrastructure. In response to the incident, the Federal Bureau of Investigation (FBI) collaborated with AT&T and the Department of Justice (DOJ) to enhance investigative efforts and support AT&T's incident response.
The DOJ announced that it identified the breach earlier this year but opted for a delayed public disclosure to mitigate potential risks to national security and public safety. The breach was officially made public on Friday through a filing with the U.S. Securities & Exchange Commission.
The Federal Communications Commission is also conducting its own investigation into the breach, underscoring the severity of the incident and its potential implications for customer privacy and national security.
Reference(s):
Data of nearly all AT&T customers leaked from 3rd-party platform
cgtn.com
