Jul 15, 2024 00:25:00

Major US telecommunications carrier discovers that phone records of 'almost all' of its 110 million customers were stolen

AT&T , a major telecommunications company that provides mobile phones and Internet lines, announced on July 12, 2024 local time that the data of approximately 110 million customers had been stolen in a cyber attack.

Unlawful Access to Customer Data - AT&T Bill & account Customer Support
https://www.att.com/support/article/my-account/000102979

AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch
https://techcrunch.com/2024/07/12/att-phone-records-stolen-data-breach/

American Hacker in Turkey Linked to Massive AT&T Breach
https://www.404media.co/american-hacker-in-turkey-linked-to-massive-at-t-breach/

AT&T also acknowledged on March 30, 2024 that a large-scale cyber attack had exposed the personal information of 73 million people. The leaked data included passcodes for AT&T customer accounts in encrypted form, but the encryption was not random enough, so the four-digit passcodes could be guessed by using peripheral information in the leaked data set. Therefore, in addition to acknowledging the leak, AT&T responded by resetting all passcodes set by customers in bulk.

Major telecommunications company AT&T forces reset of customer account passcodes after 'personal information of a total of 73 million people was leaked onto the dark web' - GIGAZINE

According to an AT&T statement released on July 12, the newly stolen data includes customers' mobile and landline phone numbers, as well as call and text message records from May 1, 2022 to October 31, 2022. It also includes call records not only of AT&T customers but also of customers who use the telephone services of other mobile carriers that use the AT&T network. Although the content of calls and messages is not included in the stolen data, it does include metadata such as the length of calls, the total number of texts, and the approximate location of where calls were made and messages were sent.

'We plan to notify approximately 110 million AT&T customers about the data breach,' AT&T spokesperson Andrea Huguely told TechCrunch, which reported on the incident, and the company's notification page also included instructions for customers to find out if their account was compromised.

According to AT&T, the data breach was part of an ongoing attack targeting customers of cloud data giant Snowflake that began in early June 2024, and was stolen from Snowflake data, but is unrelated to the cyberattack that occurred at the end of March. Huguely did not disclose why AT&T customer data was stored in Snowflake.

According to a report by technology media 404Media , John Binns, a US-born suspect who was previously arrested in Turkey, may be involved in a large-scale data breach that also involved AT&T. Other companies whose data was stolen from Snowflake have had their stolen data published on the dark web, but AT&T's data is not thought to be publicly available at the time of writing.

On the community news site Hacker News, there has been a lot of discussion about this issue, with some arguing that data breach laws should be stricter because companies will only take minimal measures unless a breach has a real impact, and others pointing out that it's strange that telecommunications companies are storing call records and message metadata that go beyond phone numbers in the first place.