How often do hear a company admit to losing everybody’s data? AT&T Just did.
AT&T admitted Friday that nearly all of its cellular customers have been impacted by a data breach involving call and text records. AT&T has 110 million customers and this is the second data breach since March. This data breach dates back to 2022.
It ain’t just AT&T
This is not just an AT&T issue. The breach hit customers of AT&T’s cellular service, customers of mobile virtual network operators using AT&T’s wireless network. That includes Cricket, Consumer Cellular, StraightTalk Wireless, H2O Wireless and Good2Go Moblie. AT&T landline customers who interacted with those cellular numbers are also impacted. Like I said, everybody! The one bit of good news is that AT&T representatives said; “The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information.”
What was stolen?
What was stolen includes phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages such as who contacted who by phone or text during a six-month period between May 1, 2022 and October 31, 2022 and some data from recent records from January 2, 2023 for a smaller but unspecified number of customers.
AT&T stated that that the most recent compromise of customer records were the result of data stolen from the cloud data provider Snowflake during a recent spate of data thefts.
Snowflake is having problems
Snowflake’s business permits its corporate customers, like tech companies and cell providers, to analyze huge amounts of customer data in the cloud. It’s not clear why AT&T was storing customer data in Snowflake, and the spokesperson did not explain.
Snowflake is having a tough year with data breaches. AT&T is the latest company to confirm it had data stolen from Snowflake, following Ticketmaster and LendingTree subsidiary QuoteWizard, and others.
Snowflake claims the data thefts were the result of its customers not using multi-factor authentication to secure their Snowflake accounts. However the security feature was not required or enforced by Snowflake.
Data stolen from Snowflake accounts has been data published on known cyber crime forums. AT&T said that it does not believe that the data is publicly available at this time.