From targeted wiretapping to mass surveillance raids, phone companies have been at the center of privacy concerns for decades—and their time in the spotlight isn’t over yet. On Friday, telecom giant AT&T announced The company recently suffered a data breach that affected the call and text message records of “nearly all” of its customers. The company is in the process of notifying about 110 million people that they were affected.
AT&T said in a filing with the U.S. Securities and Exchange Commission submit AT&T said it learned of the data breach on April 19. The attackers stole data between April 14 and April 25. The company said in its SEC filing that the U.S. Department of Justice granted it a delay in disclosing the breach on May 9 and again on June 5, pending an investigation. AT&T added that it is “working with law enforcement in efforts to apprehend those involved in the incident.” To date, “at least one person has been arrested.”
“Yeah, it’s really bad,” said Jake Williams, vice president of research and development at cybersecurity consultancy Hunter Strategy. “What the threat actors are stealing here are essentially data records. These are a gold mine for intelligence analysis because they allow someone to understand networks—who’s talking to whom and when. And the threat actors have data from previous breaches to map phone numbers to identities. But even without identifying data for a phone number, closed networks—where numbers only one communicating with others in the same network—almost always fun.”
The incident is significant not only because of its size and scope, but also because AT&T said it was the latest in a series of A series of horrific data thefts stemming from attackers breaching organizations’ Snowflake cloud accounts. Snowflake is a data warehousing platform, and attackers have been harvesting customer account credentials in recent months to stolen hundreds of millions of records from approximately 165 Snowflake customers, including Ticket sellerSantander Bank and LendingTree’s QuoteWizard.
AT&T’s data included both landline and cell phone accounts, spanning from May 1, 2022, to Oct. 31, 2022. A smaller, undisclosed number of records from Jan. 2, 2023, were also stolen in the breach. The company said Friday that the data dump “does not contain the content of calls or text messages” and does not include the dates and times of communications. But the attackers did steal phone numbers and a large amount of so-called “metadata” about calls and texts, including who contacted whom, the duration of the calls, and the total number of calls and texts a customer made and received. The dump also included some mobile location identifiers — essentially cell tower data that can be used to estimate where a phone was when a call or text was made or received.
The data includes some records of people who were customers of phone carriers—known as “mobile virtual carriers”—that contracted with AT&T to use the larger company’s network and infrastructure for their services. And importantly, the stolen data trove revealed people who had no relationship with AT&T when they communicated with AT&T customers during the relevant time period.
