AT&T has simply disclosed one other previous information breach, with this one exposing almost each buyer’s telephone name and textual content message information for a date vary spanning six months in 2022.
The corporate made the disclosure on Friday morning. The corporate is particular about what received stolen, and believes that the info lifted is just not but publicly obtainable.
Our investigation discovered that the downloaded information included telephone name and textual content message information of almost all of AT&T mobile prospects from Might 1, 2022 to October 31, 2022 in addition to on January 2, 2023. These information determine different telephone numbers that an AT&T wi-fi quantity interacted with throughout this time, together with AT&T landline (residence telephone) prospects. For a subset of the information, a number of cell web site ID numbers related to the interactions are additionally included.
The breach goes additional than simply AT&T prospects. The information set additionally consists of any quantity that an AT&T buyer interacted with, together with landline prospects. Additionally included are whole name durations, and counts of calls or texts to any given quantity.
AT&T says that the info would not embrace contents of calls or texts, or related time stamps. Different personally identifiable data like social safety numbers or dates of delivery will not be included within the breach both.
At the moment, it would not seem that AT&T is providing anything to these impacted apart from platitudes — but it surely does say within the disclosure submitting that there’s a option to see what telephone numbers had been uncovered. It has confirmed that the entry level the place the info was stolen has been secured.
Round 110 million prospects, previous and current, are impacted by the breach. The corporate says that it realized in regards to the breach on April 19. In a press release to AppleInsider, AT&T says that was cooperating with legislation enforcement within the ongoing investigation, and waited to speak in confidence to keep away from “undermining their work.”
Like with TicketMaster, the info theft is said to cloud analytics platform Snowflake. As with the remainder of the breaches related to Snowflake, the analytics agency says that it’s not accountable, and as an alternative the shoppers that do not use multi-factor authentication are guilty.
Snowflake doesn’t mandate multi-factor authentication.
This breach is unrelated to an earlier one, that the corporate disclosed in March 2024. In that one, the corporate reset passcodes for 7.6 million prospects, three years after the breach occurred.
The breach that the corporate reported then was denied for 3 years, after being reported on hacker boards in 2021.
Up to date July 12, 8:13 AM Up to date with reasoning from AT&T why they waited three months to reveal the breach to prospects.