What you should know
- Hackers stole phone records of over 100 million AT&T customers from 2022, including phone numbers, call/text counts, durations, and cell site IDs.
- AT&T reported the breach to the SEC and is working with law enforcement, leading to the arrest of a suspect.
- Mandiant attributed the breach to UNC5537, likely motivated by financial gain.
Hackers nabbed phone records of over 100 million AT&T customers from 2022, including data such as phone numbers, call/text counts, durations, and cell site identification numbers, TechCrunch reports.
AT&T has already reported the data breach to the U.S. Securities and Exchange Commission. The company is also working closely with law enforcement to sort this out, and it's paying off: they've already caught a suspect linked to the breach.
In its SEC filing, AT&T disclosed that cybercriminals accessed and stole customer call and text data covering May 1, 2022, to October 31, 2022, plus another breach on January 2, 2023, affecting a number of customers. The investigation shows the breach occurred between April 14 and April 25, 2024.
Moreover, AT&T told TechCrunch that the data breach affected customers of other networks using AT&T's infrastructure. This includes call records for users of Cricket Wireless, Boost Mobile, and Consumer Cellular.
AT&T says it will reach out to all 110 million affected customers soon to keep everyone in the loop about the breach. Plus, it has set up a website where you can find answers and information about what happened.
An AT&T spokesperson confirmed to TechCrunch that the breach stemmed from a hacked account on Snowflake, a third-party cloud platform. Similar breaches at Ticketmaster and QuoteWizard were also linked to Snowflake. The cloud company blamed the lack of multi-factor authentication on the AT&T account, underscoring the need for strong cybersecurity from both customers and vendors.
Snowflake allows companies to keep extensive customer data in the cloud for analysis. AT&T hasn't clarified why it needs to analyze such large amounts of data or why it is using Snowflake for storage, as per TechCrunch.
Cybersecurity experts at Mandiant have attributed the data breach to UNC5537, an unidentified cybercriminal group. Mandiant suggests the attack was likely financially motivated, meaning the stolen data could be used for fraud.
At the very least, hackers didn't access the content of calls and texts, or any personal information like names, Social Security numbers, or dates of birth. However, even though customer names weren't part of the breach, it's still possible to match a name with a phone number using online tools.
A big issue here is the delay in telling the public. AT&T knew about the breach in April but held off on announcing it twice. TechCrunch reports that the FBI, AT&T, and the Department of Justice agreed to keep it quiet due to national security and safety concerns. The specifics aren't clear, but this delay raises transparency questions and shows how tricky balancing cybersecurity and national security can be.
This recent breach is another hit to AT&T's cybersecurity efforts, coming soon after a separate leak earlier this year that affected over 70 million customers. While AT&T claims the incidents are unrelated, the back-to-back breaches raise serious questions about the company's data security strategy and its ability to protect customer information.