AT&T’s Worst Call: Phone Records of Nearly All Customers Stolen in Major Breach

AT&T recently confirmed that cybercriminals stole the phone records of nearly all its customers in a significant data breach. This breach affected millions of customers, and the stolen data includes phone numbers, call and text records, and location-related data.

The company announced it would begin notifying approximately 110 million customers about the breach. The stolen data encompasses both cellular and landline customers’ phone numbers, as well as records of calls and text messages exchanged between May 1, 2022, and October 31, 2022. Additionally, some data from as recent as January 2, 2023, was also compromised.

Rs 16 Crore Stolen from Nainital Bank’s Noida Branch; CERT-In and Police Investigate Major Cyber Attack on Core Banking Server

The data stolen includes metadata, such as the total count of a customer’s calls and texts and call durations, but not the content of the calls or texts. Some stolen records contain cell site identification numbers, which can be used to approximate the location of where a call or text was made.

AT&T linked this breach to a security incident involving Snowflake, a cloud data company. Snowflake’s accounts were compromised due to a lack of multi-factor authentication. AT&T learned of the breach on April 19, 2023, and has since worked with law enforcement to investigate. The cybercriminal group behind the breach, tracked as UNC5537, is believed to have members in North America and Turkey.

In response, AT&T reset the account passcodes of millions of customers and disclosed the breach to regulators. The company reassured customers that it does not believe the stolen data is publicly available at this time. One individual linked to the breach has been apprehended.

Noida Police Arrest 11 in Multi-Crore ‘Insurance Policy Renewal’ Racket

The FBI, AT&T, and the Department of Justice delayed notifying the public to address potential national security risks. This breach marks AT&T’s second significant security incident this year, following a previous breach where customer account information was published on a cybercrime forum.