Hackers accessed third-party cloud platform Snowflake to steal data.
An enormous amount of customer data has been stolen from telecommunication company AT&T for the second time this year.
AT&T disclosed in a regulatory filing on Friday, July 12, that the most recent batch of customer data includes “records of customer call and text interactions” that happened “between approximately May 1 and October 31, 2022, as well as on January 2, 2023.”
(Related: AT&T’s MASSIVE data breach affects 73 MILLION previous and current customers.)
The telecom company stated the data does not include “content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” but stressed the data does include “periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network.”
The filing commented that hackers “unlawfully accessed an AT&T workspace on a third-party cloud platform … between April 14 and April 25, 2024.”
Hackers accessed third-party cloud platform Snowflake to steal data
As reported by Bloomberg, the third-party cloud platform that the hackers accessed to steal the data is Snowflake.
In markets, AT&T shares dropped three percent, while Snowflake shares fell five percent. AT&T believes the data has not yet been leaked on the dark web.
Bloomberg mentioned that although much remains unknown about the breach, it could be disastrous for some customers if the data is eventually released. That involves anyone who doesn’t want others to know who they are contacting like politicians, executives, activists, journalists and their sources.
A ZeroHedge report on March 31 revealed that the personal data of 73 million AT&T accounts were leaked onto the dark web. A lot of the data seemed to be from 2019 or earlier.
AT&T said it has taken “additional cybersecurity measures” in reaction to this incident along with shutting off the point of unlawful access. The company confirmed that it will give notice to its current and former customers that were affected.
“AT&T is working with law enforcement in its efforts to arrest those involved in the incident. Based on information available to AT&T, it understands that at least one person has been apprehended. As of the date of this filing, AT&T does not believe that the data is publicly available,” the telecom corporation said. “The incident was limited to an AT&T workspace on Snowflake’s cloud platform and did not impact AT&T’s network.”
The Department of Justice (DOJ) permitted AT&T two national security exemptions and permitted the corporation not to report the cyber breach publicly until Friday.
For some critical infrastructure corporations, the United States government orders that at least 72 hours after a cyber breach, companies must report the nature of the attack to the government.
“Consistent with the Department’s public guidance, AT&T notified the FBI [Federal Bureau of Investigation] upon learning of the incident, but prior to AT&T having made its materiality determination. AT&T’s cooperation with the Department in this matter, including its timely advance notification to the FBI, benefited the Department’s ongoing efforts to investigate the incident,” the DOJ said in a statement.
AT&T stated the incident has not had a “material impact on AT&T’s operations,” and AT&T does not consider that the incident is “reasonably likely to materially impact AT&T’s financial condition or results of operations.”
The Cybersecurity and Infrastructure Security Agency (CISA) said in a statement they are aware of the incident and are cooperating with AT&T and other government agencies to evaluate the effect of the breach. CISA is the cybersecurity arm of the Department of Homeland Security.
“As always, CISA urges all organizations to enforce stringent security measures, including multifactor authentication. We will continue to monitor and provide guidance or assistance, as needed,” the statement added.
John Scott-Railton, a senior researcher at the University of Toronto‘s Citizen Lab, which concentrates on communications technology and security, called the hack a “megabreach,” stressing that metadata stolen at this scale can be a primary national security threat not to mention a problem for businesses and individuals.
“These are incredibly sensitive pieces of personal information and, when taken together at the scale of information that appears to be included in this AT&T breach, they present a massive NSA-like window into Americans’ activity,” Scott-Railton said, pointing to the leaks by Edward Snowden that exposed the National Security Agency‘s bulk collection of metadata.
Thomas Rid, a professor of strategic studies and the director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins University, warned that more needs to be discovered about what the hackers took from AT&T to get a complete picture of the threat.
Follow CyberWar.news for more stories about hackers stealing data from private and government companies.
