United States: Phone records stolen from "nearly all" AT&T customers

AT&T logo on a building
A suspect has reportedly been apprehended in the case. (Source: IMAGO / NurPhoto)

Hackers have stolen phone records from customers of the US telecommunications corporation AT&T. More than 100 million people are believed to have been affected by the data theft.

The data were stolen from a third-party cloud platform, the company announced on Friday. The data consist of phone records covering the period between May 1 and October 31, 2022.

The stolen data reveal which telephone numbers customers interacted with in that time period, whether in the form of phone calls or text messages. “[N]early all of AT&T’s cellular customers” are believed to have been affected by the breach, as well as customers of service providers that use AT&T’s wireless network – according to US media reports, more than 100 million people in all.

“For a subset of records, one or more cell site identification number(s) associated with the interactions are also included,” AT&T reports – meaning that those with access to the data can trace users’ approximate location.

Phone records from January 2, 2023, were also stolen – “for a very small number of customers,” AT&T said.

According to AT&T’s announcement, the stolen phone logs do not include the contents of the calls or texts, nor do they include time stamps. Likewise, sensitive data like social security numbers were not stolen.

AT&T first learned of the incident in April

AT&T said that it first learned of the data theft in April. At that point, “We launched an investigation and engaged leading cybersecurity experts,” the company said. The company is also “working with law enforcement” – one suspect is said to have been arrested in the case.

According to a notice from the US Securities and Exchange Commission (SEC), which exercises oversight over the stock market, the US Department of Justice agreed in May and again in June that AT&T could wait to publicly disclose information about the data theft.

Fears of phishing

Anton Dahbura at the Information Security Institute at Johns Hopkins University in Baltimore told the New York Times that the data theft was “highly worrisome.” The stolen records reveal who people talk to, “where they go, where they socialize.” Such information could be exploited “to create a highly intelligent cyberattack through phishing or hacking.”

CNN reports that hackers “could see that a customer is in constant contact with a big bank’s line and could send a phishing attempt posing as the bank” via text message.

The New York Times also reports that federal agencies like the State Department and the Department of Defense are AT&T customers. But the company “did not immediately respond to a request for comment on how federal customers’ phone logs may have been affected by the breach,” the Times writes.

In its own announcement, AT&T wrote that it does not believe that the data have been published at this time.

Several data thefts at third-party cloud platform

Earlier this year, in March, AT&T admitted that customer data had been published. At the time, the data in question were believed to come from the year 2019 and to pertain to roughly 7.6 million current customers and 65.4 million former customers. This earlier data set did include social security numbers and other personal information.

US media outlets report that in the current case, the data were taken from the servers of the cloud storage platform Snowflake. In recent months, “more than 100 of that company’s corporate customers have been compromised,” according to the Washington Post.

A prominent example is the ticket sales company Ticketmaster: hackers were reportedly able to snatch the personal information of roughly 560 million of the company’s customers, including names and addresses.

The data of employees and customers of Santander bank and of customers of Advance Auto Parts, a US car parts retailer, were also reportedly taken from Snowflake’s servers. (js)