
Large AT&T data breach exposes call logs of 109 million customers

AT&T is warning of a large data breach in which threat actors stole the call logs of approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account.

The company confirmed to BleepingComputer that the data was stolen from the Snowflake account between April 14 and April 25, 2024.

In a Friday morning Form 8-K filing with the SEC, AT&T says that the stolen data contains the call and text records of nearly all AT&T mobile customers and customers of mobile virtual network operators (MVNOs) made from May 1 to October 31, 2022, and on January 2, 2023.

The stolen data includes:

  • Phone numbers of AT&T wireline customers and customers of other carriers.
  • Phone numbers with which AT&T or MVNO wireless numbers interacted.
  • Count of interactions (e.g., the number of calls or texts).
  • Aggregate call duration for a day or month.
  • For a subset of records, a number of cell site identification numbers.

The exposed data did not include the content of the calls or texts, customer names, or any other personal information such as Social Security numbers or dates of birth.

Although the accessed logs do not contain sensitive information that directly exposes customer identities, the communications metadata can be correlated with publicly available information to easily derive identities in many cases.

The company says that after learning of the breach, it worked with cybersecurity experts and notified law enforcement. The US Department of Justice gave AT&T permission twice, on May 9, 2024, and June 5, 2024, to delay public notification because of the potential risks to national security and public safety.

“Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident. In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety,” the FBI told BleepingComputer.

“AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

“The FBI prioritizes assistance to victims of cyber-attacks, encourages organizations to establish a relationship with their local FBI field office in advance of a cyber incident, and to contact the FBI early in the event of breach.”

AT&T is working with law enforcement to arrest those involved and states that it understands at least one person has already been apprehended.

AT&T said it has implemented additional cybersecurity measures to block unauthorized access attempts in the future, and it promised to notify current and former customers impacted by this incident soon.

Meanwhile, AT&T customers can follow the links provided on this FAQ page to check if their phone number's data was exposed and to download the data associated with their number that was stolen.

As of today, AT&T says it has no evidence the accessed data has been made publicly available and says the incident is not related to the 2021 data breach that AT&T confirmed earlier this year impacted 51 million customers.

The Snowflake data theft attacks

AT&T has confirmed to BleepingComputer that the data was stolen from its Snowflake account as part of a wave of recent data theft attacks using compromised credentials.

Snowflake is a cloud-based database provider that allows customers to perform data warehousing and analytics on large volumes of data.

Last month, Mandiant revealed that a financially motivated threat actor tracked as ‘UNC5537’ was behind multiple attacks against Snowflake customers, using account credentials stolen via infostealer malware.

Snowflake has since introduced a mandatory multi-factor authentication (MFA) enforcement option for workspace administrators to protect accounts against easy take-overs leading to data breaches impacting millions of people.

The list of high-profile victims to which AT&T is being added now includes Advance Auto Parts, Pure Storage, Los Angeles Unified, Neiman Marcus, Ticketmaster, and Banco Santander.
