AT&T data breach impacts 109 million customers

AT&T has confirmed a massive data breach, with call logs of approximately 109 million customers stolen from an online database on the company’s Snowflake account. The breach occurred between 14 April and April 25, 2024, and affects nearly all of AT&T’s mobile customers. The stolen data includes call and text records from May 1 to 31 October, 2022, and January 2, 2023.

The stolen information includes telephone numbers of AT&T wireline customers and other carriers, numbers interacting with AT&T or MVNO wireless numbers, interaction counts, and aggregate call durations. Cell site identification numbers were also exposed to some records. While the records did not contain sensitive personal information like customer names or Social Security numbers, the communications metadata can potentially be used to derive identities.

After discovering the breach, AT&T collaborated with cybersecurity experts and law enforcement, including the FBI and the Department of Justice. Public notification was delayed twice due to potential national security risks. AT&T has since implemented additional cybersecurity measures and plans to notify affected customers. The company states that there is no evidence the accessed data has been made publicly available and that this incident is unrelated to the 2021 data breach impacting 51 million customers.

The breach adds AT&T to a growing list of high-profile victims, including T-Mobile, which suffered multiple data breaches. Snowflake, the cloud-based database provider used by AT&T, has introduced mandatory multi-factor authentication to prevent future breaches.