Hackers accessed AT&T's data storage platform in April, stealing metadata from "nearly all" call records and messages sent by users over a six-month period in 2022. AT&T filed paperwork with the Securities and Exchange Commission (SEC) on Friday, stating that it learned of the incident on April 19.
The company revealed to a local media outlet that the breach took place via the third-party cloud platform Snowflake, a data storage giant plagued by hackers who have attacked some of the company's most notable clients and released stuff affecting hundreds of millions of individuals.
An investigation revealed the attacker stole files from AT&T's Snowflake account between April 14 and April 25.
When asked why the attacker was still able to access the Snowflake account nearly a week after AT&T detected the issue, the spokesman stated that it "took time to investigate the claim of a breach, determine its source, isolate the impacted data, and close off the illegal access point."
The spokesperson stated that the hackers took "aggregated metadata" regarding calls or messages, not the content of the talks. AT&T has the most wireless subscribers in the United States, far more than rivals Verizon and T-Mobile.
According to an annual report for 2022, the incident affected around 109 million people's accounts. The telecom giant believes the hacker stole "files containing AT&T records of customer call and text interactions" from around the beginning of May 2022 to the end of October, as well as on January 2, 2023.
The hack impacted "records of calls and texts of nearly all of AT&T's wireless customers and customers of mobile virtual network operators (MVNO) using AT&T's wireless network.”
“These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month,” the company noted in the SEC filing.
“For a subset of records, one or more cell site identification number(s) are also included. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”
AT&T pledged to tell current and former customers, and it stated it had locked down the "point of unlawful access." The company stated in the filing that at least one person was arrested in connection with the theft.
