AT&T Data Breach Exposes Phone Records of Over 100 Million Customers
ICARO Media Group
In a major data breach, AT&T has fallen victim to hackers who targeted a third-party cloud provider, resulting in the exposure of call records from millions of customers. The breach, which occurred in April 2024, allowed hackers to steal 2022 phone records belonging to over 100 million AT&T customers. The stolen data includes phone numbers, call and text counts, durations, and cell site identification numbers.
AT&T has taken swift action by reporting the breach to the U.S. Securities and Exchange Commission (SEC) and collaborating with law enforcement. As a result of their efforts, a suspect linked to the breach has already been apprehended. Cybersecurity firm Mandiant has identified the perpetrator as UNC5537, a cybercriminal group likely motivated by financial gain.
TechCrunch reports that the stolen data not only affects AT&T customers but also customers of other networks that rely on AT&T's infrastructure. This includes users of Cricket Wireless, Boost Mobile, and Consumer Cellular. The breach timeframe spans from May 1, 2022, to October 31, 2022, with an additional breach on January 2, 2023, affecting a small number of customers.
AT&T has assured the public that the content of calls and texts, as well as personal information such as names, Social Security numbers, and birth dates, were not accessed by the hackers. However, the potential for matching names with phone numbers poses a risk for customers.
One concerning aspect of this breach is the delayed disclosure by AT&T. The company was aware of the breach in April but twice chose to keep it under wraps. The FBI, AT&T, and the Department of Justice decided to maintain secrecy due to national security and safety concerns, though the specifics of these concerns remain unclear. This delay raises questions about transparency and highlights the delicate balance between cybersecurity and national security.
The breach originated from a hacked account on Snowflake, a third-party cloud platform utilized by AT&T. Similar breaches at Ticketmaster and QuoteWizard have also been linked to Snowflake. The lack of multi-factor authentication on the AT&T account has been highlighted as a vulnerability, emphasizing the importance of strong cybersecurity measures for both customers and vendors.
AT&T has announced plans to notify the approximately 110 million affected customers soon and to provide updates and information about the breach. The company has also established a dedicated website to address inquiries and offer support.
As investigations continue into the AT&T data breach, the focus remains on protecting customers' sensitive information and preventing further cyberattacks. The incident serves as a reminder of the ever-growing threat landscape and the need for robust security measures in the digital age.