AT&T revealed on Friday {that a} large knowledge hack, initially uncovered in April, might have been worse than beforehand thought.
The decision and textual content logs of “almost all” of its mobile clients have been uncovered within the breach.
“In April, AT&T realized that buyer knowledge was illegally downloaded from our workspace on a third-party cloud platform,” the corporate said in a statement. “We launched an investigation and engaged main cybersecurity specialists to grasp the character and scope of the felony exercise. We’ve taken steps to shut off the unlawful entry level.”
The compromised knowledge contains recordsdata containing AT&T data of calls and texts of “almost all” of AT&T’s mobile clients from Might 1, 2022 – October 31, 2022. Per CNN, on the finish of 2022, AT&T had 110 million wi-fi subscribers.
The corporate said the info “doesn’t comprise the content material of calls or texts, private data akin to Social Safety numbers, dates of beginning, or different personally identifiable data.”
“At the moment, we don’t consider that the info is publicly out there,” AT&T mentioned within the assertion. “We’re working with regulation enforcement in its efforts to arrest these concerned within the incident. We perceive that a minimum of one individual has been apprehended.”
Prospects can go to att.com/DataIncident for extra data.
[Original story below from 4/1/2024]
Present and former AT&T clients beware.
The cellular and web service supplier confirmed over the weekend the corporate suffered from an enormous knowledge breach that will have leaked the non-public data of an estimated 7.6 million present AT&T clients and 65.4 million former clients, totaling 73 million customers affected.
AT&T mentioned that, roughly two weeks in the past, the info set was leaked to the “darkish net.” It is unclear if the leak originated from AT&T or a third-party vendor.
Associated: ‘I Want a Free Month’: Thousands of Customers Furious at AT&T After Widespread Outages
Compromised knowledge may include social safety numbers, full names, telephone numbers, AT&T account data (numbers and passcodes), and electronic mail and mailing addresses.
“At the moment, AT&T doesn’t have proof of unauthorized entry to its programs leading to exfiltration of the info set. The corporate is speaking proactively with these impacted and will probably be providing credit score monitoring at our expense the place relevant,” the corporate mentioned in a release. “As of immediately, this incident has not had a fabric impression on AT&T’s operations.”
The corporate additionally clarified that the info “seems” to be from accounts created in 2019 or earlier.
Information of the leak was initially posted on X by tech account @vx-underground on March 17, which claimed that “the stolen knowledge is authentic” and was leaked onto darkish net platform Breached.
Right now 70,000,000+ data from an unspecified division of AT&T had been leaked onto Breached. No data is offered to point whether or not it’s a third get together compromise, or which ‘division’ this knowledge is from.
Regardless, upon assessment, we are able to verify the stolen knowledge is authentic.
— vx-underground (@vxunderground) March 17, 2024
Earlier this yr, in February, AT&T suffered a mass outage that affected roughly 75% of the corporate’s whole clients. CEO John Stankey confirmed that clients who had been “most affected” by the service disruption will obtain a $5 credit score to their account.
Associated: Maine Hacked in Data Breach, 1.3 Million Residents At Risk
“Moments like these are a check of resilience,” Stankey wrote on the time in an internal memo. “This isn’t our first community outage, and it will not be our final – sadly, it is the truth of our enterprise. What issues most is how we react, adapt, and enhance to ship the service our clients want and count on.”
AT&T was down over 10.5% yr over yr as of Monday morning.