The mobile provider AT&T disclosed on Friday that a hacker has downloaded call and text message data of its customers. This raises questions about how it could affect the millions of customers of the company.
In a statement to the US Securities and Exchange Commission (SEC), AT&T reported that the company learned in April about someone who claimed to have accessed customer data. The stolen data mostly dated from 2022 and affected nearly all of AT&T's wireless customers. The company has nearly 90 million mobile subscribers.
Although the hacked datasets did not contain names, they did have phone numbers that could be linked to the owners through public databases. Some customers fear that this information could be used to uncover business deals, secret meetings, or romantic affairs.
What AT&T Customers Should Know About the Hack:
The hacker stole AT&T data that was accessible through a cloud platform of an external company. The data did not include call or text message contents nor personal information such as birth dates and Social Security numbers.
The stolen data showed the phone numbers a customer had contacted between around May and October 2022 and on January 2, 2023, according to AT&T. The records also included information about how often these numbers were contacted and the total duration of the calls over time. Some of the data contained details about cell tower locations that could be used to determine the users' locations.
AT&T stated that it does not believe the data has been leaked to the public.
The authorities linked the AT&T breach to John Binns, an American hacker who claimed responsibility for a massive data theft at T-Mobile in 2021, according to a person familiar with the matter. Binns moved to Turkey a few years ago. Neither he nor his lawyer was immediately available for comment.
The connection between the AT&T attack and Binns was previously reported by 404 Media.
AT&T stated that at least one person has been arrested in connection with the hack and that it is cooperating with law enforcement to arrest the individuals involved.
AT&T learned on April 19 of this year that someone claimed to have accessed customer data. The company investigated the claim and believes that the stolen data was accessed between April 14 and April 25.
A spokesperson for the Justice Department stated that the company reported the incident shortly after it became known. The authorities withheld disclosure of the hack to support their investigation, according to the FBI.
AT&T said the hack affected almost all of its wireless customers. A customer was likely affected if they were a subscriber between May and October 2022, the period of the stolen records. The records also include information about landline customers.
The database also could have included some customers of mobile phone brands that use the AT&T network, including Cricket Wireless, Consumer Cellular, and Tracfone.
The mobile network provider explained that it would notify affected customers by text, email, or post.
Affected AT&T subscribers, including former customers, can request the company to send them the illegally downloaded phone numbers from their records by December. More information is available on the AT&T website.
AT&T stored the data with the database service Snowflake. Customers who entrust their data to their mobile service provider must also trust the security of each cloud company used by it. The layers of third-party software that companies use can make data breaches more likely.
Sure, here's the translation of the heading:
"A spokesperson for Snowflake referred to an earlier statement by the company's head of security, who said the company had found no evidence that a recent increase in threats to customer accounts was caused by a vulnerability, misconfiguration, or breach of the Snowflake platform. The company stated that it is improving its customers' ability to add protective measures such as multi-factor authentication to their accounts by default.
Other major Snowflake customers, including Santander Bank and Ticketmaster, have also reported data breaches in recent weeks.
