
AT&T confirmed that threat actors accessed data belonging to "nearly all" of its wireless customers, including customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. The accessed data comprises telephone numbers with which an AT&T or MVNO wireless number interacted, counts of those interactions, and aggregate call duration for a day or month. A subset of these records also contained one or more cell site identification numbers, potentially allowing the threat actors to triangulate the approximate location of a customer when a call was made or a text message was sent.

Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform, Snowflake, and exfiltrated files containing AT&T records of customer call and text interactions that occurred between May 1 and October 31, 2022, as well as on January 2, 2023. The breach has been attributed to a financially motivated threat actor dubbed UNC5537.

The AT&T data breach involved customer call and text interaction records from May 1, 2022, to October 31, 2022, and on January 2, 2023. The exposed data includes telephone numbers, counts of interactions, and aggregate call duration for a day or month. A subset of these records also contained one or more cell site identification numbers, potentially revealing the approximate location of a customer when a call was made or a text message was sent.