{"id":7830,"date":"2024-07-12T09:50:47","date_gmt":"2024-07-12T16:50:47","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=7830"},"modified":"2024-07-12T09:57:01","modified_gmt":"2024-07-12T16:57:01","slug":"att-says-criminals-stole-phone-records-of-nearly-all-customers-in-new-data-breach","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2024\/07\/12\/att-says-criminals-stole-phone-records-of-nearly-all-customers-in-new-data-breach\/","title":{"rendered":"AT&T Says Criminals Stole Phone Records of \u2018Nearly All\u2019 Customers in New Data Breach"},"content":{"rendered":"\n

I’d be included in this breach as I’m using an AT&T reseller (very cheap MVNO<\/a>), but the interesting question is why was all this data stored in the cloud? Notice these records go back quite a ways too. I wonder if this means I’ll get a few more years of free credit report access and monitoring. I have a 7 year long term fraud alert and lock on my credit reports with free monitoring due to a previous AT&T breach. Of note, banks and credit card companies eager to spy on you will give you free access to credit scores and a credit report per month with whoever they have an agreement with. Also, you can do manual 1 year fraud alerts<\/a> with the big three sharing the alert so you just need to do it with one of the majors. But there is a fourth credit reporting company, Innovis<\/a>, which looks like they have an online fraud alert form now (I think you used to have to mail it in). There is also https:\/\/www.annualcreditreport.com\/index.action<\/a>, where you can get free credit reports from the majors once per year (good way to see all three).<\/p>\n\n\n\n

https:\/\/techcrunch.com\/2024\/07\/12\/att-phone-records-stolen-data-breach\/<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n
Stolen data includes millions of AT&T customer phone numbers, calling and text records, and location-related data.<\/h5>\n\n\n\n

By Zack Whittaker<\/p>\n\n\n\n

\"a
Image Credits:<\/strong> Mark Makela \/ Getty Images<\/figcaption><\/figure>\n\n\n\n

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of \u201cnearly all\u201d of its customers, a company spokesperson told TechCrunch.<\/p>\n\n\n\n

In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages \u2014 such as who contacted who by phone or text \u2014 during a six-month period between May 1, 2022 and October 31, 2022. <\/p>\n\n\n\n

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller but unspecified number of customers.<\/p>\n\n\n\n

The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T\u2019s network, the company said. <\/p>\n\n\n\n

AT&T said the stolen data \u201cdoes not contain the content of calls or texts,\u201d but does include calling and texting records that an AT&T phone number interacted with during the six-month period, as well as the total count of a customer\u2019s calls and texts, and call durations \u2014 information that is often referred to as metadata. The stolen data does not include the time or date of calls or texts, AT&T said.<\/p>\n\n\n\n

Some of the stolen records include cell site identification numbers associated with phone calls and text messages, information that can be used to determine the approximate location of where a call was made or text message sent.<\/p>\n\n\n\n

In all, the phone giant said it will notify around 110 million AT&T customers of the data breach, company spokesperson Andrea Huguely told TechCrunch. <\/p>\n\n\n\n

AT&T published a website with information for customers<\/a> about the data incident. AT&T also disclosed the data breach in a filing with regulators<\/a> before the market opened on Friday.<\/p>\n\n\n\n

Breach linked to Snowflake<\/h2>\n\n\n\n

AT&T said it learned of the data breach on April 19, and that it was unrelated to its earlier security incident<\/a> in March. <\/p>\n\n\n\n

AT&T\u2019s Huguely told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts<\/a> targeting Snowflake\u2019s customers.<\/p>\n\n\n\n

Snowflake allows its corporate customers, like tech companies and telcos, to analyze huge amounts of customer data in the cloud. It\u2019s not clear for what reason AT&T was storing customer data in Snowflake, and the spokesperson would not say.<\/p>\n\n\n\n

AT&T is the latest company in recent weeks to confirm it had data stolen from Snowflake, following Ticketmaster<\/a> and LendingTree subsidiary QuoteWizard<\/a>, and others.<\/p>\n\n\n\n

Snowflake blamed the data thefts on its customers for not using multi-factor authentication to secure their Snowflake accounts, a security feature that the cloud data giant did not enforce or require its customers to use. <\/p>\n\n\n\n

Cybersecurity incident response firm Mandiant, which Snowflake called in to help with notifying customers, later said about 165 Snowflake customers had a \u201csignificant volume of data\u201d stolen from their customer accounts<\/a>. <\/p>\n\n\n\n

Mandiant attributed the breach to an as-yet-uncategorized cybercriminal group tracked only as UNC5537. Mandiant\u2019s researchers say the hackers are financially motivated and have members in North America and at least one member in Turkey. <\/p>\n\n\n\n

Some of the other corporate victims of the Snowflake account thefts had data subsequently published on known cybercrime forums. For AT&T\u2019s part, the company said that it does not believe that the data is publicly available at this time.<\/p>\n\n\n\n

AT&T\u2019s statement said it was working with law enforcement to arrest the cybercriminals involved in the breach. AT&T said that \u201cat least one person has been apprehended.\u201d AT&T\u2019s spokesperson said that the arrested individual was not an AT&T employee, but deferred questions about the alleged criminals to the FBI.<\/p>\n\n\n\n

An FBI spokesperson confirmed to TechCrunch on Friday that that after the phone giant contacted the agency to report the breach, AT&T, the FBI and the Department of Justice agreed to delay notifying the public and customers on two occasions, citing \u201cpotential risks to national security and\/or public safety.\u201d<\/p>\n\n\n\n

\u201cAT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T\u2019s incident response work,\u201d the FBI spokesperson said.<\/p>\n\n\n\n

The FBI did not comment on the arrest of one of the alleged cybercriminals.<\/p>\n\n\n\n

This is the second security incident AT&T has disclosed this year<\/a>. AT&T was forced to reset the account passcodes of millions of its customers after a cache of customer account information \u2014 including encrypted passcodes for accessing AT&T customer accounts \u2014 was published on a cybercrime forum. A security researcher told TechCrunch at the time that the encrypted passcodes could be easily decrypted, prompting AT&T to take precautionary action to protect customer accounts<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

I’d be included in this breach as I’m using an AT&T reseller (very cheap MVNO), but the interesting question is why was all this data stored in the cloud? Notice these records go back quite a ways too. I wonder if this means I’ll get a few more years of free credit report access and […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-7830","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/7830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=7830"}],"version-history":[{"count":4,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/7830\/revisions"}],"predecessor-version":[{"id":7835,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/7830\/revisions\/7835"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=7830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=7830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=7830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}