AT&T’s 109M customer accounts are breached

AT&T’s 109M customer accounts are breached is profiled by BTW Media because published evidence links it to internet infrastructure, governance, operational dependencies, or market visibility.

• AT&T says data from 109 million US consumer accounts were illegally downloaded in April, involving records of calls and texts from 2022.
• The data breach is not the first case, showing the fragility of cybersecurity, even in the industry giants. The ongoing risk to consumer privacy cries out for more stringent regulation.

OUR TAKE
The breach of AT&T data indicates the fragility of digital privacy. With 109 million customer accounts hacked, it’s evident that even industry giants are failing to safeguard clients’ personal information. It’s high time to demand stringent regulations and hold these corporations accountable. Data can be a precious commodity, and its protection should be non-negotiable.
–Ashley Wang, BTW reporter

What happened

AT&T disclosed on Friday that it has been hacked, with data from approximately 109 million customer accounts being illegally downloaded in April. This breach involved records of calls and texts from 2022, excluding the content of these communications or sensitive personal information such as social security numbers.

The FBI is currently investigating the incident, and at least one arrest has been made. AT&T delayed public disclosure of the incident at the request of the Justice Department to facilitate the investigation. The Federal Communications Commission (FCC) has also launched its own investigation.

AT&T became aware of the hack on 19 April after a hacker claimed to have accessed and copied AT&T call logs. The company’s investigation revealed that the data was unlawfully exfiltrated between 14 and 25 April. These records not only identify the telephone numbers with which a wireless number interacted but also aggregate call duration and, in some cases, include cell site identification numbers.

Also read: AT&T’s ORAN shift: A game-changer for telecom giants

Also read: Huawei Builds $1.4B Shanghai centre as chip war heats up

Why it’s important

The data breach is particularly concerning because it encompasses call and text records of nearly all AT&T’s cellular and landline customers interacting with these numbers between May and October 2022. Additionally, records from 2 January 2023 for a small number of customers were also compromised. The data was illicitly copied from AT&T’s workspace on a third-party cloud platform, highlighting vulnerabilities in cloud security.

This incident is part of a troubling trend of large-scale data breaches affecting millions of Americans. It follows a ransomware attack on UnitedHealth Group’s Change Healthcare unit in February, which potentially exposed the private data of about one-third of the US population. AT&T has since closed the point of unlawful access and asserts that the data is not publicly available. However, this breach underscores the persistent risks associated with data security and the potential impact on consumer privacy.