An AT&T workspace cloud platform provided by third-party vendor Snowflake was ‘unlawfully accessed’
AT&T has revealed in a new filing that during a six-month period in 2022, it fell prey to a major hack of customer data impacting nearly all of its subscribers. In a separate press release, AT&T said it is working with the FBI to arrest those involved in the incident, and that at least one person has already been apprehended.
In the SEC filing, the carrier stated it learned in April that a “threat actor … unlawfully accessed and copied AT&T call logs” and that following this discovery, it “immediately activated its incident response process” and is taking “additional cybersecurity measures.”
An investigation uncovered that an AT&T workspace cloud platform provided by third-party vendor Snowflake was “unlawfully accessed.” The platform contained data of its wireless customers and those of MVNOs using its network, as well as information on landline customers who interacted with the impacted mobile numbers.
AT&T said that the breach did not expose personal information like Social Security numbers or dates of birth, but added that the exposed data did contain call and text interaction data such as telephone numbers, call counts and durations. “While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” the company cautioned in the filing.
The breach, which occurred two years ago, was not disclosed until now because the U.S. Department of Justice had determined that “a delay in public disclosure was warranted.” AT&T said it does not believe that the data is publicly available at this time and that the incident had no “material impact on operations … [or] its financial condition.”
This past April, AT&T was hit with another hack, this one affecting 7.6 million customers and 65.4 million former account holders. The data set included personal information such as Social Security numbers, it said at the time.
Cloud data storage software company Snowflake doesn’t have a much better track record — last month, fingers were pointed at the company for recent attacks on Ticketmaster and Santander Bank that exposed more than half a billion customers’ sensitive data. Snowflake, however, is denying responsibility, even as it admits that an ex-employee account was compromised in a “similar” way.