AT&T disclosed immediately that knowledge from “practically all” of its prospects from Might 1, 2022 to October 31, 2022 and on January 2, 2023 was exfiltrated to a third-party platform in April 2024. Clients whose knowledge was uncovered might be knowledgeable. AT&T stated the entry level by way of which the cyberattack was carried out has been secured, and the information is now not obtainable.
Menace actor accessed cellphone numbers and name durations
In response to AT&T, the risk actor accessed cellphone name and textual content message data, together with which cellphone numbers prospects interacted with and, in some circumstances, cell website ID numbers. The leak included each cell and landline prospects.
The attackers might see “counts of these calls or texts and whole name durations for particular days or months,” AT&T stated in a discover to prospects, however not the content material of these calls or texts. Personally identifiable data like Social Safety numbers or dates of beginning wasn’t included both. Nevertheless, the corporate famous risk actors could possibly use cellphone numbers to search out the names of the individuals who use them.
AT&T noticed the assault in April
AT&T first grew to become conscious of the assault on April 19 after “a risk actor claimed” to have accessed the information, in accordance with AT&T’s SEC submitting concerning the incident.
SEE: On July 4, a separate cyberattack compromised practically ten billion passwords for on-line accounts.
In response to The Verge, the risk actor accessed the information by way of Snowflake, the information warehousing platform that was additionally utilized in a cyberattack in June.
One individual has been apprehended by legislation enforcement in reference to the cyberattack, AT&T stated within the discover.
AT&T disclosed the breach to the SEC utilizing the comparatively new Kind 8-Ok. Carried out in December 2023, the SEC requires publicly traded organizations that have a cyber incident to report the incident utilizing this way if it’s a “materials” incident. As a part of that disclosure, AT&T predicted that the April cyberattack was not “moderately prone to materially impression AT&T’s monetary situation or outcomes of operations.”
On Might 31, 2024, AT&T disclosed that passwords belonging to 7.6 million prospects had been compromised in a knowledge leak. The 2 assaults don’t look like associated.
Methods to manually examine whether or not your knowledge was affected
AT&T prospects who handle enterprise accounts can examine whether or not their knowledge was affected at myAT&T or the Premier marketing strategy portal. All prospects, together with enterprise accounts and former prospects, can see precisely what data was uncovered about their cellphone quantity by way of a number of choices AT&T presents on its assist web page.
What enterprise leaders can be taught from the AT&T hack
A big breach like it is a good reminder for companies to concentrate on dangers to their third-party distributors and provide chains. Enterprise leaders also needs to take into account safety instruments comparable to endpoint detection and response or safety data and occasion administration and have a restoration and backup plan in place in case their knowledge is stolen.
TechRepublic has reached out to AT&T for extra data.
