Cyber Threat Radar – AT&T has reported that the data of almost all its customers was transferred to a third-party system during a security breach, amidst the ongoing global spread of cyberattacks targeting various organizations such as businesses, schools, and healthcare providers.
The company disclosed the breach recently, revealing that it occurred primarily over a span of five months in 2022. The incident impacted AT&T’s mobile customers, customers of mobile virtual network operators utilizing AT&T’s wireless network, and landline customers who communicated with those cellular numbers. AT&T stated that around 109 million customer accounts were compromised, and they have indicated that the data is not believed to be accessible to the public at this time.
According to AT&T, the compromised data does not include call or text content, sensitive personal details like Social Security numbers, birth dates, or any other personally identifiable information.
“This has the potential to intrude on people’s privacy”
“Although the leaked information may not contain sensitive details, it could still be utilized to reconstruct events and determine the identities of individuals making calls,” commented Timothy Jenkins, Head of Cyber Defense Research, SentryBay. “This has the potential to intrude on people’s privacy by revealing private calls and connections. Business phone numbers can be easily identified, and private numbers can be linked to names through public record searches.”
A thorough internal inquiry revealed that the compromised data encompasses AT&T records of calls and texts made between May 1, 2022, and October 31, 2022. AT&T has pinpointed the third-party platform as Snowflake and stated that the incident was confined to an AT&T workspace on the cloud company’s platform and did not impact its network.
Massive Data Storage On Cloud And SaaS Platforms
“The large amount of data stored by companies on cloud platforms can pose significant risks,” said Tim Royston-Webb, CEO, SentryBay. “The AT&T data breach highlights the increasing dangers of the massive data storage on cloud and SaaS platforms by companies. As businesses depend more on these technologies, the difficulty of identifying and addressing breaches has also increased significantly.”