AT&T’s Second Major Data Breach of 2024 Leaked 110 Million Customer Records

Jul 18, 2024

Already reeling from a leak of 73 million customer records earlier in the year, AT&T is now dealing with a second massive data breach. This one does not contain as much sensitive personal information, but is nevertheless worrisome in its potential to link individuals to their phone numbers and history of activities.

The current data breach exposed the call records of about 110 million AT&T customers, or about the number of subscribers the company has in the United States. The breach took place this past April, but contains records from a narrow window of May 1 to October 31, 2022. Just about anyone who was an AT&T customer during that window can expect to be impacted, however.

Massive AT&T data breach tied to April Snowflake incident

The current data breach is less of an immediate threat than the one that was revealed to the public back in April. That first breach also involved customer records, but included much more sensitive information such as Social Security numbers and dates of birth. The new breach may well result in mass phishing if it makes its way to the dark web, however, and could be used for even more concerning invasions of privacy.

The Justice Department believed that the data breach presented enough of a threat that it asked AT&T to delay its public disclosure for several months (the first time the agency has done this in the name of national security and public safety). Aside from phishing, the biggest threat to the average customer is that their name may be linked to their leaked phone number. This could in turn create a comprehensive record of their communications with other people, at least during the impacted period in 2022. But from a national security perspective, the seemingly simple leak of customer records could be much more damaging if it is used to track the movement and communications of government personnel.

This incident also appears to be the latest development in the ongoing Snowflake saga. The cloud storage provider is thought to have had some 165 downstream breaches of clients, some of which have already involved tens of millions of customer records. The incident calls to mind last year’s MOVEit data breach, and while that incident involved over 10 times as many clients, it has already been dwarfed by this one in terms of overall exposed record count.

Text messages not exposed in customer records leak

The contents of calls and text messages were not exposed, but if the customer records are leaked to the dark web it would essentially provide a complete list of calls that AT&T customers made and received (and message recipients) during the 2022 breach window. This includes the duration of each call and the number of times each phone number was contacted. The data breach does mostly impact domestic calls and messages, but calls to Canada are included.

As of now, AT&T believes that the customer records remain in private hands. It is still not entirely clear which hacking group has them, but other Snowflake-related records have already been leaked to the dark web after apparent failures to negotiate ransoms with the victims.

The biggest danger of the data breach could actually be posed to those who use the oldest phones. AT&T says that an additional “small amount” of data from January 2023 was captured, which may have included cell site identification numbers and may have been limited to those using 3G connections. The company has not confirmed this as of yet.
