AT&T Experiences Massive Phone Record Data Breach via Snowflake
US mobile giant AT&T has lost control of a massive dataset containing call and text records for nearly all its customers, spanning a six-month period in 2022. The breach is linked to a series of cyberattacks targeting customers of cloud data platform Snowflake.
AT&T revealed the incident in a filing with the Securities and Exchange Commission (SEC) on April 19, 2024, stating that an unauthorized party gained access to its data on a third-party cloud platform between April 14 and 25. The stolen data includes call and text logs from May 1 to October 31, 2022, as well as January 2, 2023.
While the data does not contain the content of the calls or texts, or any personal details such as social security numbers or dates of birth, it does include the phone numbers that AT&T’s wireless customers interacted with during that period. The records also cover AT&T’s landline customers and subscribers of other carriers, and they include call durations. For a limited set of records, cell site location data is also included.
AT&T says that since phone numbers can be linked to individuals through publicly available resources, the leaked data poses a significant risk of phishing attacks and other scams targeting its customers. The company is urging customers to be cautious and has advised them on steps to take to protect themselves.
Security experts believe the attackers gained access through a vulnerability in AT&T’s Snowflake environment. Snowflake is a cloud-based data storage platform that has seen a string of attacks recently, impacting over 160 clients including major companies like Ticketmaster and Santander.
Investigators suspect that a financially motivated cybercriminal group known as UNC5537 is behind the attacks. While analysts believe the breaches stem from poor security practices by the targeted companies, AT&T has not commented on whether this was the case in its incident.
Experts recommend that organizations maintain strong cybersecurity practices, including enforcing multi-factor authentication (MFA) to mitigate the risk of such attacks. Snowflake recently announced a policy change to improve its MFA offering, making it easier for users to enable it and allowing administrators to enforce it by default.
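The practical check behind that advice is to find which accounts still log in with a password and no second factor. The example below is added here and is not code from Computer Weekly, AT&T or Snowflake: it runs a hunt over a handful of constructed login rows whose field names are modelled on Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view, and reports users and source IPs with successful password-only logins plus the overall MFA coverage.

```python
"""Hunt for password-only (no MFA) logins in Snowflake-style login history."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class LoginEvent:
    # Field names mirror columns of Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view
    user_name: str
    client_ip: str
    reported_client_type: str
    first_authentication_factor: str
    second_authentication_factor: Optional[str]  # None when no MFA was used
    is_success: bool


# Constructed sample rows (illustrative only, not real AT&T or Snowflake data)
SAMPLE_EVENTS: List[LoginEvent] = [
    LoginEvent("ANALYST_A", "198.51.100.7", "SNOWFLAKE_UI", "PASSWORD", "DUO_PUSH", True),
    LoginEvent("SVC_ETL", "203.0.113.9", "PYTHON_DRIVER", "PASSWORD", None, True),
    LoginEvent("ANALYST_B", "192.0.2.44", "SNOWFLAKE_UI", "PASSWORD", None, True),
    LoginEvent("ANALYST_B", "192.0.2.44", "SNOWFLAKE_UI", "PASSWORD", None, False),
    # Key-pair authentication carries no password, so it is not a password-only login
    LoginEvent("SVC_ETL", "198.51.100.7", "PYTHON_DRIVER", "RSA_KEYPAIR", None, True),
]


def password_only_logins(events: List[LoginEvent]) -> List[LoginEvent]:
    """Successful logins where a password was the only authentication factor."""
    return [
        e for e in events
        if e.is_success
        and e.first_authentication_factor == "PASSWORD"
        and e.second_authentication_factor is None
    ]


def users_without_mfa(events: List[LoginEvent]) -> Dict[str, Set[str]]:
    """Map each user with password-only logins to the source IPs they came from."""
    exposure: Dict[str, Set[str]] = defaultdict(set)
    for e in password_only_logins(events):
        exposure[e.user_name].add(e.client_ip)
    return dict(exposure)


def mfa_coverage(events: List[LoginEvent]) -> float:
    """Fraction of successful password logins that also presented a second factor."""
    pw = [e for e in events if e.is_success and e.first_authentication_factor == "PASSWORD"]
    if not pw:
        return 1.0
    return sum(1 for e in pw if e.second_authentication_factor is not None) / len(pw)
```

Service accounts that show up in the password-only list (like SVC_ETL above) are candidates for key-pair or other non-password authentication rather than MFA prompts, and the coverage figure is a simple metric to track while an enforce-by-default policy is rolled out.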
Security analysts also advise organizations to secure their supply chains, as attackers often target weaker links in a network to gain access to sensitive data.
Article Credit: Computer Weekly