From targeted interceptions to broad surveillance dragnets, telecommunications providers have been at the center of privacy concerns for many years, and their time in the spotlight is not over. Last Friday, the telecommunications giant AT&T disclosed that it recently suffered a breach that compromised the records of phone calls and text messages for “virtually all” of its customers. The company is in the process of notifying approximately 110 million people that they were affected.
AT&T said in a filing with the US Securities and Exchange Commission that it became aware of the data breach on April 19. Attackers exfiltrated data between April 14 and April 25. In the SEC filing, the company said that the US Justice Department authorized delaying disclosure of the breach on May 9 and again on June 5, pending further investigation. AT&T also stated that it is working with law enforcement to apprehend those involved in the incident. So far, “at least one individual has been detained.”
“Yes, this presents a grave situation,” said Jake Williams, the vice president of research and development at the cybersecurity firm Hunter Strategy. “The information taken by the threat actors essentially comprises call data records. These records serve as a valuable resource in intelligence analysis as they provide insight into networks—revealing who communicates with whom and when. Additionally, threat actors possess data from prior breaches to connect phone numbers to specific individuals. Yet, even minus identifying details for a phone number, closed networks—where numbers communicate solely with others within the same network—are consistently intriguing.”
The incident is notable not only for its scale and impact but because AT&T says it is the latest in a striking series of data breaches stemming from compromises of organizations’ Snowflake cloud accounts. Snowflake is a data warehousing platform, and attackers obtained credentials from its customers in recent months to steal hundreds of millions of records from around 165 Snowflake customers, including Ticketmaster, Santander bank, and LendingTree’s QuoteWizard.
The compromised AT&T data covers both landline and cellular accounts and spans May 1, 2022, to October 31, 2022. A smaller, undisclosed number of people also had their records from January 2, 2023, stolen in the breach. On Friday, the company clarified that the data “lacks the actual content of calls or texts” and does not include timestamps of communications. Nonetheless, the attackers made off with phone numbers and a substantial amount of “metadata” about calls and texts, including the parties to each communication, call durations, and counts of a customer’s total calls and texts. The data also includes some cell site identification numbers, essentially data from cell towers that can be used to approximate the location of a cellphone when it places or receives a call or text.
The data includes some records of people who are customers of “mobile virtual network operators,” companies that contract with AT&T to use its networks and infrastructure for their services. Crucially, the stolen data also exposes people who have no relationship with AT&T if they communicated with an AT&T customer during the relevant period.