The Sweeping Hazard of the AT&T Cellphone Data Breach

From focused wiretaps to bulk surveillance dragnets, telephone corporations have been on the heart of privateness issues for many years—and their time within the limelight is not over but. On Friday, telecom big AT&T introduced that it not too long ago suffered an information breach impacting name and textual content messaging data of “practically all” its prospects. The corporate is within the technique of notifying about 110 million those that they had been affected.

AT&T mentioned in a US Securities and Trade Fee submitting that it realized concerning the information breach on April 19. Attackers exfiltrated information between April 14 and April 25. The corporate mentioned in its SEC submission that the US Justice Division approved delayed disclosure of the breach on Might 9 and once more on June 5, pending investigation. AT&T added that it’s “working with legislation enforcement in its efforts to arrest these concerned within the incident.” Thus far, “no less than one particular person has been apprehended.”

“Yeah, that is actually dangerous,” says Jake Williams, vice chairman of analysis and growth on the cybersecurity consultancy Hunter Technique. “What the menace actors stole listed here are primarily name information data. These are a gold mine in intelligence evaluation as a result of they permit somebody to know networks—who’s speaking to whom and when. And menace actors have information from earlier compromises to map telephone numbers to identities. However even with out figuring out information for a telephone quantity, closed networks—the place numbers solely talk with others in the identical community—are virtually all the time fascinating.”

The incident is important not solely due to its sheer scale and attain however as a result of AT&T says it’s the newest in a staggering spate of knowledge thefts that resulted from attackers compromising organizations’ Snowflake cloud accounts. Snowflake is an information warehousing platform, and attackers collected its prospects’ account credentials in latest months to steal tons of of tens of millions of data from about 165 Snowflake purchasers, together with Ticketmaster, Santander financial institution, and LendingTree’s QuoteWizard.

The AT&T information is from each landline and mobile accounts and spans Might 1, 2022, to October 31, 2022. A smaller, undisclosed variety of individuals additionally had data from January 2, 2023, stolen within the breach. The corporate mentioned on Friday that the info trove “doesn’t include the content material of calls or texts” and doesn’t embody the date and time of communications. However attackers did make off with telephone numbers and a large quantity of so-called “metadata” about calls and texts, together with who contacted whom, name durations, and tallies of a buyer’s whole calls and texts. The trove additionally contains some cell web site identification numbers—primarily cell tower information that can be utilized to approximate a cellphone’s location when it made or obtained a name or textual content.

The information contains some data of people who find themselves prospects of telephone carriers—often known as “cellular digital community operators”—that contract with AT&T to make use of the bigger firm’s networks and infrastructure for his or her service. And, crucially, the stolen trove exposes individuals who don’t have any relationship with AT&T once they communicated with an AT&T buyer in the course of the related time spans.