Topics
Latest
AI
Amazon
Image Credits:Mark Makela / Getty Images
Apps
Biotech & Health
Climate
Image Credits:Mark Makela / Getty Images
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
gage
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
concealment
Robotics
Security
societal
Space
Startups
TikTok
transport
speculation
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
Stolen data includes millions of AT&T customer phone numbers, calling and text records, and location-related data
U.S. phone giant AT&T support Friday it will start out give notice million of consumers about a sweet information rupture that allow cybercriminals to slip the phone phonograph recording of “ nearly all ” of its client , a company spokesperson told TechCrunch .
In a statement , AT&T said that the steal data contains telephone number of both cellular and landline customers , as well as AT&T records of calls and text content — such as who contacted who by earphone or schoolbook — during a six - calendar month full point between May 1 , 2022 and October 31 , 2022 .
AT&T said some of the stolen data includes more recent disk from January 2 , 2023 for a belittled but unspecified number of customers .
The steal datum also includes call records of customers with phone serve from other cell carriers that rely on AT&T ’s web , the caller said .
AT&T said the stolen datum “ does not contain the subject of calls or texts , ” but does include calling and texting record that an AT&T phone number interacted with during the six - month catamenia , as well as the total counting of a client ’s call and texts , and call durations — information that is often name to as metadata . The steal data does not include the clock time or appointment of outcry or text edition , AT&T said .
Some of the stolen phonograph recording include jail cell site designation numbers associate with sound claim and textual matter messages , information that can be used to determine the approximate location of where a call was made or text subject matter sent .
In all , the phone giant said it will notify around 110 million AT&T client of the data breach , company spokesperson Andrea Huguely tell TechCrunch .
AT&T publisheda website with information for customersabout the data incident . AT&T also let out the data point breach ina filing with regulatorsbefore the grocery store open on Friday .
Breach linked to Snowflake
AT&T tell it learned of the data point breach on April 19 , and that it wasunrelated to its earlier surety incidentin March .
AT&T ’s Huguely told TechCrunch that the most recent compromise of customer record were stolen from the cloud information behemoth Snowflakeduring a recent spate of data theftstargeting Snowflake ’s customers .
Snowflake appropriate its corporate customers , like technical school society and telcos , to analyze immense sum of money of client data in the cloud . It ’s not clear for what understanding AT&T was storing client datum in Snowflake , and the spokesperson would not say .
AT&T is the latest company in late weeks to confirm it had data stolen from Snowflake , follow TicketmasterandLendingTree subsidiary QuoteWizard , and others .
snow bunting charge the data thefts on its client for not using multi - factor authentication to secure their Snowflake accounts , a security feature that the cloud datum giant did not apply or require its customer to utilize .
Cybersecurity incident response firm Mandiant , which Snowflake called in to help with notifying customers , subsequently saidabout 165 Snowflake customers had a “ significant volume of data ” slip from their client accounts .
Mandiant attributed the rupture to an as - yet - uncategorized cybercriminal group tracked only as UNC5537 . Mandiant ’s researchers say the cyber-terrorist are financially motivated and have members in North America and at least one fellow member in Turkey .
Some of the other incarnate victims of the Snowflake chronicle thefts had information subsequently published on known cybercrime forums . For AT&T ’s part , the company said that it does not believe that the data is publicly available at this time .
AT&T ’s command said it was working with police force enforcement to arrest the cybercriminals regard in the breach . AT&T state that “ at least one someone has been apprehended . ” AT&T ’s voice say that the halt individual was not an AT&T employee , but deferred questions about the alleged felon to the FBI .
An FBI interpreter confirmed to TechCrunch on Friday that after the phone giant meet the agency to report the breach , AT&T , the FBI and the Department of Justice agreed to delay notifying the populace and customers on two occasion , summons “ potential risks to national security and/or public refuge . ”
“ AT&T , FBI , and DOJ worked collaboratively through the first and 2nd delay process , all while sharing key menace intelligence to bolster FBI investigative equities and to assist AT&T ’s incident answer work , ” the FBI spokesperson said .
The FBI did not notice on the arrest of one of the alleged cybercriminals .
This isthe second surety incident AT&T has disclosed this year . AT&T was forced to readjust the account passcodes of trillion of its customers after a cache of client account information — include cypher passcodes for accessing AT&T customer account — was published on a cybercrime assembly . A surety researcher tell TechCrunch at the time that the encrypt passcodes could be easily decrypted , prompting AT&T totake precautional action to protect customer accounts .
Read more on TechCrunch :
update with remark from the FBI .
