AT&T admits customer call and text data breached in cloud hack

US telco AT&T has revealed that “nearly all” of its customers’ calls and texts could be in the hands of hackers due to a breach of its cloud provider.

Customers affected include those on mobile virtual network operators that use the AT&T network such as Cricket, Boost Mobile, and Consumer Cellular.

Data from between May 1^st, 2022, and October 31^st, 2022, may have been exposed, as well as records from a “very small number” of customers on January 2^nd, 2023.

The attackers obtained the information through the firm’s cloud provider, Snowflake, AT&T’s spokesperson Alex Byers told The Verge.

The telecoms firm knew of the breach in April, but an FBI spokesperson reported to TechCrunch that itself, AT&T, and the Department of Justice “agreed to delay notifying the public and customers on two occasions, citing ‘potential risks to national security and/or public safety.’”

According to Byers, the stolen data includes phone numbers customers interacted with, counts of those calls/texts and total call durations for specific days or months.

It does not include the content of the calls or texts, time stamps, or Social Security numbers, dates of birth, or other identifiable information – however, a name can be matched to a phone number by simple actions taken with online tools.

AT&T said in a blog post that it does not “believe that the data is publicly available” and it has “taken steps to close off the illegal access point.”

“We will provide notice to current and former customers whose information was involved along with resources to help protect their information,” AT&T added.

“We sincerely regret this incident occurred and remain committed to protecting the information in our care.”

Recently, TI spoke to fintech platform Soldo on how it uses observability to make its cloud more secure: read here.