Massive AT&T data breach hits 109 million customers — call logs and text messages stolen by hackers


AT&T is the latest major company to fall victim to a massive data breach after customer data was stolen from an online database associated with its Snowflake account.

As reported by BleepingComputer, the call and text records of 109 million of the company’s customers, or nearly all of its mobile subscribers, were stolen by hackers between April 14 and April 25 of this year. It’s not just AT&T users who are affected, though: Cricket, Boost Mobile and Consumer Cellular customers are as well, since these companies also use the carrier’s mobile network.

In a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC), AT&T revealed that the stolen data includes mobile and landline telephone numbers, the number of calls and text messages sent over the network, aggregate call duration for a day or month and a subset of records containing one or more cell site identification numbers.

Fortunately though, sensitive personal data such as customer names, Social Security numbers and dates of birth were not exposed as a result of this breach. However, the logs accessed by the hackers behind the breach do contain enough communications metadata to figure out the identities of affected AT&T customers. 

Immediately after identifying the breach, AT&T contacted the FBI to report it and the mobile carrier is now working alongside law enforcement and the U.S. Department of Justice (DOJ) to catch those responsible. In fact, at least one person has already been apprehended as part of the investigation into the matter.

Yet another Snowflake victim


AT&T is the latest company to be added to a growing list of businesses that have suffered a data breach after using Snowflake’s cloud-based data warehouse and analytics platform.

Back in June of this year, the cyber threat intelligence firm Mandiant revealed that a financially motivated threat actor (tracked as UNC5537) was responsible for multiple attacks against Snowflake customers. All of these attacks were made possible by stolen Snowflake credentials obtained through info-stealing malware. In the time since, Snowflake has made multi-factor authentication (MFA) mandatory for all of its customers to prevent further data breaches through its platform.

In addition to AT&T, Ticketmaster, Neiman Marcus, Banco Santander, Advance Auto Parts, Pure Storage and Los Angeles Unified have all been hit with similar data breaches as a result of using Snowflake to house their online databases.

How to see if your data was exposed and what to do next


If you’re an AT&T customer worried your call and text logs may have been exposed, there are some steps you can take right now to see if you’re affected by this breach.

While the mobile carrier says that it will contact all affected customers by text, email or through the mail, this support document recommends that you also check your myAT&T account. The document also contains links for business customers as well as FirstNet users.

As with all data breaches, the biggest threats for AT&T users are phishing attacks and online fraud. Now that hackers could figure out your identity, they might try to reach out to you posing as AT&T. As such, you need to be extra careful when checking your inbox and messages.

You should avoid clicking on links or downloading attachments if a message from an unknown sender arrives in your inbox or over text. Hackers often set up fake pages as a means to steal your credentials, credit card data and other sensitive info. For this reason, you want to go directly to AT&T’s page instead of clicking on any links that claim to take you to it.

While companies often provide free access to the best identity theft protection services after a data breach, AT&T hasn’t yet in this case. That could change in the future, but given that call and text records rather than personal information were exposed, this seems rather unlikely.

We’ll be following this story closely and will update it accordingly as we learn more about this massive data breach and others like it.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.