AT&T has simply disclosed one other outdated information breach, with this one exposing almost each buyer’s telephone name and textual content message data for a date vary spanning six months in 2022.
The corporate made the disclosure on Friday morning. The corporate is restricted about what bought stolen, and believes that the information lifted isn’t but publicly accessible.
Our investigation discovered that the downloaded information included telephone name and textual content message data of almost all of AT&T mobile clients from Might 1, 2022 to October 31, 2022 in addition to on January 2, 2023. These data establish different telephone numbers that an AT&T wi-fi quantity interacted with throughout this time, together with AT&T landline (house telephone) clients. For a subset of the data, a number of cell website ID numbers related to the interactions are additionally included.
The breach goes additional than simply AT&T clients. The info set additionally consists of any quantity that an AT&T buyer interacted with, together with landline clients. Additionally included are complete name durations, and counts of calls or texts to any given quantity.
AT&T says that the information would not embrace contents of calls or texts, or related time stamps. Different personally identifiable info like social safety numbers or dates of start should not included within the breach both.
Presently, it would not seem that AT&T is providing anything to these impacted apart from platitudes — nevertheless it does say within the disclosure submitting that there’s a strategy to see what telephone numbers have been uncovered. It has confirmed that the entry level the place the information was stolen has been secured.
Round 110 million clients, previous and current, are impacted by the breach. The corporate says that it discovered concerning the breach on April 19. In a press release to AppleInsider, AT&T says that was cooperating with regulation enforcement within the ongoing investigation, and waited to confide in keep away from “undermining their work.”
Like with TicketMaster, the information theft is expounded to cloud analytics platform Snowflake. As with the remainder of the breaches related to Snowflake, the analytics agency says that it isn’t accountable, and as an alternative the shoppers that do not use multi-factor authentication are in charge.
Snowflake doesn’t mandate multi-factor authentication.
This breach is unrelated to an earlier one, that the corporate disclosed in March 2024. In that one, the corporate reset passcodes for 7.6 million clients, three years after the breach occurred.
The breach that the corporate reported then was denied for 3 years, after being reported on hacker boards in 2021.
Up to date July 12, 8:13 AM Up to date with reasoning from AT&T why they waited three months to reveal the breach to clients.