From targeted wiretaps to bulk surveillance dragnets, phone companies have been at the center of privacy concerns for decades—and their time in the limelight isn't over yet. On Friday, telecom giant AT&T announced that it recently suffered a data breach impacting call and text messaging records of “nearly all” its customers. The company is in the process of notifying about 110 million people that they were affected.
AT&T said in a US Securities and Exchange Commission filing that it learned about the data breach on April 19. Attackers exfiltrated data between April 14 and April 25. The company said in its SEC submission that the US Justice Department authorized delayed disclosure of the breach on May 9 and again on June 5, pending investigation. AT&T added that it is “working with law enforcement in its efforts to arrest those involved in the incident.” So far, “at least one person has been apprehended.”
“Yeah, this is truly bad,” says Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy. “What the threat actors stole here are fundamentally call data records. These are a gold mine in intelligence analysis because they allow someone to understand networks—who is talking to whom and when. And threat actors have data from previous compromises to map phone numbers to identities. But even without identifying data for a phone number, closed networks—where numbers only communicate with others in the same network—are almost always interesting.”
The incident is significant not only because of its sheer scale and scope but because AT&T says it is the latest in a staggering spate of data thefts that resulted from attackers compromising organizations’ Snowflake cloud accounts. Snowflake is a data warehousing platform, and attackers collected its customers’ account credentials in recent months to steal hundreds of millions of records from about 165 Snowflake clients, including Ticketmaster, Santander bank, and LendingTree’s QuoteWizard.
The AT&T data is from both landline and cellular accounts and spans May 1, 2022, to October 31, 2022. A smaller, undisclosed number of people also had records from January 2, 2023, stolen in the breach. The company said on Friday that the data trove “does not contain the content of calls or texts” and does not include the date and time of communications. But attackers did make off with phone numbers and a massive amount of so-called “metadata” about calls and texts, including who contacted whom, call durations, and tallies of a customer’s total calls and texts. The trove also includes some cell site identification numbers—essentially cell tower data that can be used to approximate a cellphone's location when it made or received a call or text.
The data includes some records of people who are customers of phone carriers—known as “mobile virtual network operators”—that contract with AT&T to use the larger company's networks and infrastructure for their service. And, crucially, the stolen trove exposes people who have no relationship with AT&T when they communicated with an AT&T customer during the relevant time spans.