In what is shaping up to be an unsettling revelation for many, AT&T has confirmed a massive data breach affecting nearly all customers. This incident has compromised call and text records over several months in 2022 and, to a lesser extent, on January 2, 2023. Customers and experts alike are coming to terms with the implications of this breach.
The telecommunications behemoth admitted to the extensive breach, stating that an immense data cache was uploaded to a third-party platform by unauthorized individuals. AT&T stressed that the stolen haul does not comprise call or text content, nor personal identifiers such as Social Security numbers, birth dates, or customer names as per a statement obtained by KTLA. However, since phone numbers often serve as digital breadcrumbs, leading back to their owners through online tools, cybersecurity specialists warn that the breach could still put personal privacy at risk.
AT&T disclosed the breach was relegated to a workspace on the cloud platform, Snowflake, calming fears that the wider network was impacted. Roei Sherman, Field Chief Technology Officer at Mitiga, highlighted the risks that come with the massive quantity of data stored on cloud platforms, emphasizing increased complexity in breach detection and investigation. AT&T has roped in cybersecurity experts to untangle the full extent of this intrusion and has already seen at least one arrest made concerning the case, shared in both reports from KTLA and NBC Los Angeles.
Customers are left navigating the aftermath of the breach, with AT&T advising them to monitor their accounts for any signs of unauthorized access. For those wondering if they have been affected, AT&T has created a landing page at att.com/DataIncident and promises direct communication to those impacted via text, email, or mail, as mentioned in an interview with a spokesperson for AT&T by CBS MoneyWatch. Yet, while data theft protection services aren't being offered as of now, logging into accounts can provide customers with not only the status of their data but also allow for a user-friendly report of the compromised details.
The Department of Justice determined that the breach posed a significant risk to national security, thereby delaying the public notification. Professor Patrick Schaumont explained to CBS MoneyWatch that "these call logs reveal social and/or professional networks of people" involved in national security, underscoring the potential harm of such information being public. AT&T complied with the decision to delay the alert until it was appropriate to do so.
This concerning cyber-attack forms part of a wave of digital threats this year that have targeted various sectors, including earlier breaches against AT&T, the Alabama State Department of Education, and ongoing issues faced by auto dealerships due to an attack on CDK Global. As these events unfold, federal bodies such as the FBI and the Federal Communications Commission continue to investigate, and AT&T's stock takes a hit, reflecting the sense of unease among customers and investors alike.
