Surprise. Surprise. AT&T has revealed a massive hack of customer data for the second time this year. This latest batch of customer data includes “records of customer call and text interactions” that occurred “between approximately May 1 and October 31, 2022, as well as on January 2, 2023,” the company wrote in a regulatory filing Friday.
AT&T said the data does not include “content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” but noted the data does include “periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network.”
The filing explained that hackers “unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024.” As of the date of this filing, AT&T said, “At least one person has been apprehended.”
According to a Bloomberg report, the third-party cloud platform that the hackers accessed to steal the data is Snowflake.
In markets, AT&T shares fell 3%, while Snowflake shares dropped 5%.
AT&T does not believe the data has been leaked on the dark web yet. Bloomberg pointed out:
While much remains unknown about the breach, it has the potential — if the data is released — to be devastating for some customers. That includes anyone who doesn’t want others knowing who they are calling, such as politicians, executives, activists, journalists and their sources.
We reported on March 31 that the personal data of 73 million AT&T accounts were leaked onto the dark web. Much of the data appeared to be from 2019 or earlier.