AT&T Data Breach Exposes Millions, Senators Demand Answers on Data Retention

BigGo Editorial Team

In a significant cybersecurity incident, AT&T has faced a major data breach affecting over 100 million customers, including those of its Mobile Virtual Network Operators (MVNOs) such as Boost Mobile, Cricket Wireless, and Straight Talk. The breach, which occurred through AT&T's third-party cloud provider Snowflake, has raised serious concerns about data privacy and retention practices.

The iconic AT&T logo, representing the telecommunications giant at the center of a major data breach affecting millions of customers

Breach Details and Impact

The hackers gained access to customer records stored on Snowflake's servers between April 14 and April 25, 2023. The stolen data included:

  • Records of customer calls and texts from May 1 to October 31, 2022
  • Phone numbers involved and call durations
  • Cell site identification numbers from January 2, 2023

While AT&T claims that no sensitive information like Social Security numbers or call/text contents was exposed, security experts warn that the stolen data could still be used for malicious purposes such as:

  • Phishing attacks
  • Identity theft
  • Location tracking through cell site triangulation

AT&T's Response and Ransom Payment

In an unusual move, AT&T reportedly paid a ransom of 5.7 bitcoins (valued at over $370,000) to one of the hackers to delete the stolen records. The company received video proof of the deletion, but experts remain skeptical about the effectiveness of this approach.

Senators Demand Answers

U.S. Senators Richard Blumenthal (D-Conn.) and Josh Hawley (R-Mo.) have sent letters to AT&T and Snowflake seeking clarification on several key issues:

  1. Why AT&T retained months of detailed customer communication records
  2. The purpose of uploading sensitive information to a third-party analytics platform
  3. AT&T's data retention policies and timelines
  4. How the hackers accessed the Snowflake workspace
  5. A full account of the stolen data and its impact on customer privacy

AT&T's Data Practices and Snowflake Usage

AT&T has defended its use of cloud services like Snowflake, stating that they are essential for:

  • Centralized data analysis
  • Network planning
  • Capacity utilization
  • Developing new services

However, the breach has revealed potential security lapses, including:

  • Outdated passwords
  • Lack of firewall access
  • Absence of multifactor authentication

Ongoing Investigations and Customer Notifications

AT&T has closed the access point used by the hackers and is in the process of notifying affected customers. The FBI and the Federal Communications Commission (FCC) are currently investigating the breach.

As this situation continues to unfold, customers of AT&T and its associated MVNOs are advised to remain vigilant against potential phishing attempts and to monitor their accounts for any suspicious activity.