AT&T Data Breach 2024: Arrest in Breach Impacting Over 110 Million Users


In a significant cybersecurity incident, AT&T confirmed on Friday that more than 110 million customers were affected by a data breach in 2024. This event marks a first in the history of cybersecurity incidents, with the Justice Department initially allowing the enterprise to keep breach details confidential before eventually clearing them for public release.

The breach, attributed to a series of Snowflake attacks, compromised call data but did not include the content of those calls. Although customer names were not directly exposed, AT&T acknowledged that it is possible to identify individuals using publicly available online tools. 

AT&T spokesperson Jim Kimberly explained, “The stolen data, which was stored on a third-party workspace and spans from approximately May 1 to October 31, 2022, as well as January 2, 2023, is not as detailed as the information typically seen on an AT&T phone bill. It’s more like ‘this phone number contacted this phone number and were connected for this many minutes’.”

In their SEC filing, AT&T provided more specifics: “The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network. These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month. For a subset of records, one or more cell site identification number(s) are also included.”

Given that “nearly all” AT&T mobile customers were impacted, questions arise about why some customers were not affected. When asked, AT&T’s Kimberly did not have an immediate answer.

AT&T reported that at least one person has been arrested in connection with the incident, but the company referred further questions about the arrest to the FBI, which did not respond to inquiries.

Unlike other major data breaches, AT&T stated that the stolen information has not been posted on the Dark Web or any other public forums. “As of the date of this filing, AT&T does not believe that the data is publicly available,” the company informed the SEC.

An unusual aspect of this case is the FBI/Justice Department’s decision to permit AT&T to keep breach details confidential initially, which is unprecedented. Neither AT&T nor the FBI disclosed the reasons behind the eventual decision to make the breach public. The arrest of the suspect may have influenced this decision. According to the FBI, “Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident. In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety. AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

The FBI encourages companies to work with law enforcement early during cyber incidents. “The FBI prioritizes assistance to victims of cyber-attacks, encourages organizations to establish a relationship with their local FBI field office in advance of a cyber incident, and to contact the FBI early in the event of breach,” the FBI stated.

It is possible that the authorities did not want the suspect to know that the breach had been discovered. Although more suspects are at large, the first arrest might have signaled the end of the need for secrecy. The exact timing of the Justice Department’s permission to disclose remains unspecified.

“On May 9, 2024, and again on June 5, 2024, the U.S. Department of Justice determined that, under Item 1.05(c) of Form 8-K, a delay in providing public disclosure was warranted. AT&T is now timely filing this report,” AT&T mentioned in their filing.

Despite concluding that the incident was not material, AT&T chose to disclose it. “As of the date of this filing, this incident has not had a material impact on AT&T’s operations, and AT&T does not believe that this incident is reasonably likely to materially impact AT&T’s financial condition or results of operations.”

Jonathan Rudy, senior counsel for TransUnion, expressed surprise at this declaration. “You lose almost your entire call center base for three months, and you don’t consider that material?” he said in an interview, emphasizing that these were his personal views. “You could get a lot of good collateral goods out of this stuff.”

The disclosure was signed by Stacey Maris, AT&T’s senior VP and chief privacy officer, rather than by one of the executives who usually sign SEC security incident filings, such as the CFO, CIO, or CISO. This might indicate that AT&T viewed this massive breach primarily as a privacy issue rather than a security matter, possibly due to the third-party involvement.

“That is probably a good thing. They opted for the person who is closest to the problem,” Rudy noted, suggesting that privacy disclosures were the main concern.

This unprecedented AT&T data breach raises new questions about cybersecurity incident disclosure and the collaboration between enterprises and law enforcement in managing the fallout from such breaches.

Author

  • Maya Pillai is a tech writer with 20+ years of experience curating engaging content. She can translate complex ideas into clear, concise information for all audiences.
