July 15, 2024 - Telecommunications giant AT&T has revealed that cybercriminals have stolen phone records belonging to nearly all of its 110 million customers. The compromised data includes millions of phone numbers, call and text logs, and location information, raising concerns over consumer privacy. But outside of phone numbers, it apparently dosent include much in the way of what is normally considered personally identifiable information.

The breach, which AT&T disclosed on Friday, originated from the cloud data service provider Snowflake. According to a company spokesperson, Snowflake blamed recent data thefts on customers not employing multi-factor authentication to secure their accounts.

The stolen data encompasses phone call and text message records from May 2022 to early January 2023. While AT&T has stated that the access point used by the cybercriminals has been secured, the breach extends beyond AT&T’s mobile customers. It includes landline users and customers of other cell carriers who utilize AT&T's network or have interacted with AT&T numbers.

The records obtained by the hackers reveal the counts of calls or texts, total call durations for specific periods, and information that can approximate the location where calls were made or texts sent. Although AT&T asserts that the stolen data does not include the content of the communications, time stamps, or highly sensitive personal information such as Social Security numbers and dates of birth, the nature and volume of the exposed data still pose a privacy risk.

Despite the significant amount of data exposed, it may not be particularly useful to cybercriminals for identity theft, as it lacks critical personal details typically exploited in such crimes. However, the data could potentially be used for other malicious purposes. For instance, cybercriminals could use the location information to track individuals' movements, engage in targeted phishing attacks, or sell the data to third parties for marketing purposes. Additionally, the detailed call logs could be used to infer relationships and communication patterns, which could be exploited for social engineering attacks.

AT&T is now working with law enforcement agencies to pursue those responsible for the breach. An investigation is ongoing, and at least one individual has been apprehended in connection with the unauthorized data access.

As AT&T begins notifying customers of the breach, the telecom giant is urging everyone to be vigilant against potential scams and to monitor their accounts for suspicious activity. 

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow ACCESS