(Bloomberg) — The Federal Communications Commission said it was investigating a massive hack of AT&T Inc. customer data that included call and text message records for nearly all of its cell phone users over a six-month period in 2022, one of the largest private communications data breaches in recent memory.
Bloomberg’s Most Read
The company said in a regulatory filing Friday that the breach, which has not been previously disclosed, also included the records of wireless service provider customers who used AT&T’s network between May 1, 2022, and Oct. 31 of that year. year. The company said it learned in April that the information was illegally downloaded from a workspace on a third-party cloud platform, which a spokesperson identified as Snowflake Inc.
Records from January 2, 2023 were also compromised for a “very small” number of customers, AT&T said.
An FCC spokesman, Jonathan Uriarte, said: “The agency has an ongoing investigation and is coordinating with our law enforcement partners.”
The data does not include the content of the calls and messages, personal information such as birth dates and Social Security numbers, or the times of the calls, according to the filing. However, the records “identify the telephone numbers with which an AT&T cell phone number or MVNO interacted during these periods,” according to the document, referring to wireless service providers that use AT&T’s network. While the data does not include customer names, there are “publicly available online tools” that can connect numbers with people’s identities, the company said.
The breach marks a new security blow for the $134 billion company, which touts its services not only as a major retail and business provider but also as a government contractor for U.S. intelligence and defense clients. Provides telephony to US military customers and a national emergency response network.
AT&T shares fell 1% just after 10 a.m. in New York, while Snowflake shares fell 2.5%.
While not much is yet known about the breach, it has the potential – if the data is released – to be devastating for some customers. This includes anyone who does not want others to know who they are calling, such as politicians, executives, activists, journalists and their sources.
“An unknown entity now has NSA-level insight into the lives of Americans,” said John Scott-Railton, a senior researcher at Citizen Lab, a research group at the University of Toronto, in a post on are limited to AT&T customers. But everyone they interacted with. Also a huge national security incident due to government customers.”
The FBI said in a statement that it was contacted by AT&T about the incident and that the parties agreed to delay disclosure due to potential national security and public safety concerns.
Bloomberg News reported on April 1 that personal data of about 73 million current and former AT&T customers had been leaked onto the dark web. This data appears to be from 2019 and earlier and is not related to the breach reported on Friday, a spokesperson told Bloomberg.
On Friday, AT&T said it does not believe information from the latest breach has been publicly released.
An investigation including cybersecurity experts was launched and steps were taken to close the illegal access point. AT&T has been working with law enforcement and believes at least one person involved has been detained, according to the document.
Last month, Snowflake said hackers were targeting its customers. The attackers used stolen login details to access the accounts of up to 165 Snowflake customers – including Lending Tree, Advanced Auto Parts Inc., Pure Storage Inc. and Ticketmaster – and steal data. The hackers did not breach Snowflake, but used credentials available on places such as cybercriminal forums to access customer accounts, which did not have security measures such as multi-factor authentication.
A Snowflake spokesperson referred Bloomberg News to a statement from May. “We have not identified evidence to suggest that this activity was caused by a vulnerability, misconfiguration or breach of the Snowflake platform,” Chief Information Security Officer Brad Jones said at the time.
–With assistance from Charles Gorrivan.
Bloomberg Businessweek Most Read
©2024 Bloomberg LP