In a recent disclosure, AT&T revealed that a significant data breach occurred two years ago, affecting text message and phone call records of "nearly all" its customers. This incident is the latest in a series of security challenges for the telecom giant, following the exposure of personal information from tens of millions of customers on the dark web earlier this year.
The Data Breach Details
The breach in question, which took place between May and October 2022, involved the compromise of call and text records from most AT&T customers. Notably, while the content of these communications was not accessed, the breach did include:
- Phone numbers: Numbers of both AT&T customers and the individuals they contacted.
- Interaction details: Frequency of interactions and call duration.
However, sensitive personal information such as Social Security numbers, dates of birth, and other personally identifiable information (PII) were not included in the breach. Despite this, AT&T acknowledged that there are potential methods to link phone numbers with names, raising privacy concerns.
Source and Response
The compromised data was reportedly downloaded from a third-party cloud platform that had been targeted in recent hacks. Specifically, AT&T identified that customer data was accessed from a workspace on the Snowflake platform. The company has since collaborated with law enforcement to track down those responsible for the breach, leading to at least one arrest so far.
Previous Incidents
This breach follows a similar incident disclosed by AT&T in May, where personal information from approximately 73 million customers, including Social Security numbers, was leaked on the dark web. The company indicated that this data appeared to be from 2019 or earlier and assured customers that there was no evidence of unauthorized access to its systems. In response, AT&T reset passwords for millions of customers and promised proactive communication and credit offers to those affected.
Broader Implications
With 110 million wireless subscribers at the end of 2022, AT&T's customer base is vast, and the impact of such breaches is significant. These incidents underscore the importance of robust cybersecurity measures and the ongoing challenges companies face in safeguarding customer data. As AT&T continues to address these issues, the incidents serve as a reminder for consumers to stay vigilant about their personal information and take advantage of credit monitoring services offered by the company.
Conclusion
AT&T's recent data breach highlights the growing complexities of cybersecurity in an increasingly connected world. As the company works with law enforcement to mitigate the damage and prevent future breaches, it remains crucial for customers to stay informed and proactive in protecting their personal information. For the latest updates on this and other breaking news, sign up for text message alerts from Forbes by texting “Alerts” to (201) 335-0739.
