The New York Times reported today that AT&T disclosed a significant data breach affecting nearly all of its customers. The breach occurred between April 14 and April 25, 2024, when threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform. The stolen data included records of customer call and text interactions from May 1, 2022, to October 31, 2022, and on January 2, 2023. This data included telephone numbers, counts of interactions, and aggregate call durations, potentially allowing the threat actors to triangulate customer locations. AT&T has alerted current and former customers and is working with law enforcement to apprehend the perpetrators, with at least one individual already captured.
The breach was part of a larger cyber campaign targeting Snowflake, a cloud service provider, which has impacted multiple companies, including Ticketmaster, Santander, Neiman Marcus, and LendingTree. The hackers behind the Snowflake data thefts demanded payments ranging from $300,000 to $5 million in exchange for the stolen data. AT&T emphasized that the accessed information does not include the content of calls or texts and does not include personal information such as Social Security numbers or dates of birth. The company is urging customers to be cautious of phishing and smishing attempts and to only open text messages from trusted senders.
Faction’s Take
This is not ‘News’, but rather an update on what was reported earlier. It does include an admission by AT&T that a much broader set of data was compromised. This is par for the course and generally a deliberate PR strategy – initial disclosures are almost always partial – and then over time the true extent of a breach is dripped out.
The problem here is not AT&T per se. Gathering and managing vast “lakes” of customer data – whether PII or activity records – is a necessary part of managing any type of large-scale consumer service. These breaches are extremely costly and damaging to the reputation of the company that is attacked – yet they continue to happen over and over. Why is that?
At Faction, we see and speak to what anyone can see with their own eyes, and what any industry insider will admit privately: what we are doing in cybersecurity is not working! It is based on a ‘good enough’ approach and a fundamentally flawed foundation that simply cannot match the challenges we face. The attackers have all the advantages, and AI, IoT and the new age of cyberwarfare and cyber terrorism that is upon us are going to make this not just obvious, but painful to just about everyone.