THREAT ALERT

AT&T Unlawful Access of Customer Data Incident

Friday, July 12th, 2024


News is emerging about AT&T’s disclosure of what they term ‘Unlawful Access of Customer Data.’ The majority of AT&T customer data was illegally downloaded from their workspace on a third-party cloud platform from May 2022 through October 31, 2022 and on January 2, 2023. Initial reports suggest that an overwhelming majority of AT&T’s clientele may have been affected by this incident. AT&T has issued a statement on their official website today.

The excerpt below is sourced directly from their online platform and shows a last-updated date of July 12, 2024:

What Happened

We learned that AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform. We started an investigation and engaged leading cybersecurity experts to help us determine the nature and scope of the issue. We have confirmed the access point has been secured.

Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.

At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended.

Data Involved

The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months.

We’ll notify current and former customers if their information was involved.

Data That Wasn’t Involved

The downloaded data doesn’t include the content of any calls or texts. It doesn’t have the time stamps for the calls or texts. It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

While the data doesn’t include customer names, there are often ways to find a name associated with a phone number using publicly available online tools.

What We Are Doing

Protecting your data is one of our top priorities. We have confirmed the affected access point has been secured.

We hold ourselves to a high standard and commit to delivering the experience that you deserve. We constantly evaluate and enhance our security to address changing cybersecurity threats and work to create a secure environment for you. We invest in our network’s security using a broad array of resources including people, capital, and innovative technology advancements.

This is the second disclosure of this type from AT&T in just a few months. The last disclosure was in March of 2024 and was reported on in this forum. That incident involved PII data and possibly passcodes. Please bookmark and/or follow AT&T’s support page located at hxxps://att[.]com/support/article/my-account/000102979 to stay updated on the latest developments regarding this incident. Additionally, for a comprehensive list of ‘Frequently Asked Questions’ pertaining to this matter, please refer to the detailed information available at the provided AT&T URL.

Recommendations

  • Change your passwords associated with all AT&T accounts.
  • Monitor your accounts for any suspicious activity.
  • Be on high alert for social engineering, phishing, and smishing attacks.
  • Bookmark and/or follow AT&T’s support page located at: hxxps://att[.]com/support/article/my-account/000102979
  • In addition to these bullets, AT&T advises the following:
    • Only open text messages from people that you know and trust.
    • Don’t reply to a text from an unknown sender with personal details.
    • Go directly to a company’s website. Don’t use links included in a text message. Scammers can build fake websites using forged company logos, signatures, and styles.
    • Make sure a website is secure by looking for the “s” after the http in the address. You can also look for a lock icon at the bottom of a webpage.

References

hxxps://att[.]com/support/article/my-account/000102979

James Bruhl


Director of Cyber Threat Intelligence

James Bruhl is the Director of Cyber Threat Intelligence for DefenseStorm. He joined the company with 15 years of experience as a law enforcement officer, bringing extensive experience in crime prevention, evidence collection, investigative techniques, and crisis management. Driven by a passion for technological advancements and the ever-evolving landscape of digital threats, he transitioned to the field of digital forensics, incident response, and cybersecurity. In his role, he honed his skills in analyzing digital evidence, identifying cyber threats, and implementing robust security measures specializing in forensic examinations on various devices to uncover critical information and support investigations. James began at DefenseStorm as a security engineer in 2020 and developed DefenseStorm’s EDR Service. He was then appointed as Director of Cyber Threat Intelligence in 2022 and is responsible for nearly all facets of the EDR service. During his cyber career, James has been instrumental in proactively detecting and responding to cyber incidents and plays a vital role in incident response teams, coordination efforts to mitigate the impact of breaches, vulnerability identification, and strategy implementation to prevent future attacks. He continues to share his expertise by conducting training sessions, participating in conferences, and writing articles on topics related to digital forensics, incident response, and cybersecurity. James holds a bachelor’s in criminal justice from the University of North Georgia and a GCFE certification.