AT&T said that customer data covering "nearly all" of its customers from May 1, 2022, to October 31, 2022, and on Jan. 2, 2023, was downloaded from a third-party cloud platform.
According to TechCrunch's Zack Whittaker, that third-party platform was Snowflake. As detailed by Google Cloud's Mandiant unit, cybercriminals have been targeting Snowflake customer instances for data theft and extortion.
The breached AT&T data includes metadata such as cell site ID numbers and interactions as well as phone numbers. Personally identifiable information such as Social Security numbers and dates of birth was not breached, according to AT&T.
In a regulatory filing, AT&T said it learned of the incident on April 19, with the attack happening between April 14 and April 25. AT&T said:
"While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number."
AT&T's breach is just the latest in a long line of high-profile attacks that are now required to be disclosed. These attacks mean enterprises need to map out response and resilience over prevention.