Blog » Latest Articles
Jul 12, 2024 Brittani Johnson

Nearly All AT&T Customers Affected in Latest Data Leak

Estimated Reading Time: 4 Minutes

It’s unfortunate, but some companies seem to keep being targeted by hackers. AT&T is the latest, with a Security and Exchange Commission (SEC) filing today, July 12, revealing that six months’ worth of call and text message records of nearly all AT&T customers (and many non-AT&T customers) were exposed in a massive data breach.

What Data Was Compromised?

The compromised data included records of calls and texts of tens of millions of AT&T's cellular customers, customers of mobile virtual network operators using AT&T's wireless network, as well as AT&T's landline customers who interacted with those cellular numbers. These records included counts of those interactions and aggregated call durations for a day or month. For a subset of records, one or more cell site identification number(s) were also included.

So while the telecom company reported no names or other personal information was included, it’s worth mentioning that there are often ways to find the name associated with a specific telephone number through certain publicly available online tools (this was also noted in the SEC filing).

The SEC filing read, in part, “AT&T believes that threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023.”

At this point in time, the company does not believe that the data itself is publicly available. Still, this is being described as a mega breach that has the potential to be a major security threat.

How Was This Data Compromised?

AT&T says these records were illegally downloaded from a third-party workspace platform, Snowflake. If this name sounds familiar, it’s because they’ve been mentioned in multiple other recent breaches. In a breach notice posted July 10, leading auto parts retailer Advanced Auto Parts disclosed that more than 2.3 million individuals were impacted in a leak that took place from April 14, 2024, to May 24, 2024.

The information was compromised in a widespread attack against organizations with Snowflake cloud storage environments. Other affected Snowflake customers include: Neiman Marcus, Santander, Ticketmaster, LendingTree, and more.

Investigations by Snowflake and several cybersecurity companies showed that the data storage platform itself was never hacked and that cybercriminals stole the login credentials for specific Snowflake accounts via malware.

Implications for Your Customers

On the outset, the information stolen does not seem to be much to worry about, but security analysts have noted that “metadata stolen at this scale” can present a “massive NSA-like window into American’s activity” – remarks made by John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab.

This news comes at the heels of another major data leak that AT&T dealt with, which the company says was unrelated. On March 30th this year, AT&T announced that a dataset, including some Social Security numbers and passcodes for about 7.6 million current account holders and 65.4 million former account holders, was found on the dark web.

Why Your Organization’s Third-Party Vendors' Security Matters

There’s a recurring theme amongst these latest breaches: the data is being compromised via third-party vendors. This is why it’s so crucial to thoroughly vet all third-party vendors or platforms that you may use – in any capacity.

At Iris® Powered by Generali, security is the guiding principle for our employees, processes, technology, culture, and values, and is built into all layers of the Iris identity protection platform.

Check out our Security and Privacy Center to learn more about our security practices and commitment to providing secure, comprehensive B2B2C fraud protection and mitigation tools and services.

Tips for Your Customers

AT&T is in the process of making victims who were affected by this breach aware. Consumers shouldn’t panic but should take the necessary precautions to help protect themselves from the negative impacts of a data breach. At this point in time, because of the nature of the data that was compromised, security analysts are still figuring out exactly what the implications may be. Still, we recommend:

  • Change your AT&T account password and/or PIN. Always use strong and unique passwords, and don’t reuse passwords across multiple platforms – especially for accounts that store sensitive personal and financial information.

  • Make monitoring activity on your financial and credit card accounts part of your routine.

  • Consider setting up free fraud alerts with the three major credit bureausTransUnion, Experian, and Equifax. You can also request and review your free credit report via FreeCreditReport.com.

  • Be on the lookout for phishing emails and scam texts or calls. In the aftermath of any data breach, it’s common for those affected to receive an influx of phishing emails and scam calls supposedly from the breached organization or other trusted service providers. They are likely looking to get more personal information from you so that they can inflict more damage to your identity.

  • If you haven't already, sign up for a long-term identity protection service with credit and identity monitoring. Comprehensive identity monitoring services should include alerts so that if your information is detected on the dark web, you can quickly take preventative measures and work with resolution experts to minimize any damage.
Published by Brittani Johnson July 12, 2024