Snowflake hack intensifies as AT&T text and call data stolen

• Massive AT&T data breach linked to Snowflake hack exposes months of customer call and text records.
• Snowflake faces reputational damage as the fallout from a widespread cybersecurity breach spreads to other major companies.

OUR TAKE
The recent Snowflake cybersecurity breach has resulted in a significant data theft from AT&T, with almost half a year’s worth of call and text data from virtually its entire wireless user base. The incident, which was announced in May, has since spread to other high-profile customers, including Ticketmaster and LendingTree. While Snowflake’s rapid response and implementation of new security measures are commendable, the incident highlights the ongoing challenges and complexities of protecting customer data in a hyper-connected digital environment.
–Heidi Luo, BTW reporter

What happened

US telecoms giant AT&T company has suffered a major data breach after hackers gained access to six months’ worth of call and text data for almost all of its wireless customers. The breach, which was announced in May and confirmed by Snowflake on Friday, was part of a larger cyber-attack campaign targeting Snowflake’s data warehouse.

The breach was caused by weaknesses in Snowflake’s security, exacerbated by inadequate protection by its customers, including AT&T. The incidents occurred in multiple locations, affected several high-profile companies and exposed sensitive customer information.

Following the breach, it was revealed that the stolen data included highly sensitive information, with AT&T suffering the most damage among other affected companies such as Live Nation and ticketmaster and LendingTree. Snowflake confirmed the link between the wider breach and the specific incident involving AT&T.

The situation has attracted considerable attention from cybersecurity experts and industry analysts, who have criticised the security lapses that allowed such a breach to occur. Snowflake placed some of the blame on its customers, including AT&T, for failing to adequately secure their data, which led to a widespread re-evaluation of data protection practices across the industries involved.

Also read: Cybersecurity incident at HubSpot: A wake-up call for businesses

Also read: Protecting your data in the digital age: The most pressing cybersecurity threats

Why it’s important

The impact of the breach goes beyond financial losses, it poses significant national security risks. Because the compromised data includes sensitive information about individuals’ locations and communications, it could potentially affect politicians, executives and journalists involved in sensitive matters.

This type of breach highlights the vulnerability of personal data and the potential for misuse in national security scenarios. According to cybersecurity firm Mandiant, the hacking group responsible has links to North America and Turkey.

The breach has also attracted the attention of federal authorities, including the Federal Communications Commission and the US Cybersecurity and Infrastructure Security Agency.

“Between companies failing to protect consumers’ privacy and executive agencies neglecting to secure our critical infrastructure, one thing is clear: we ought to be prioritizing our cyber defenses starting yesterday,” said US senator Chuck Grassley, the Republican from Iowa. “From where I’m sitting, the to-do list on cyber gets longer and more urgent with each passing day.”