In a concerning update for the telecom and cloud data security sectors, AT&T has been hit by a major data breach linked to the ongoing Snowflake cybersecurity incident. This breach, revealed on 12 July 2024, has exposed the phone records of almost 110 million AT&T customers, highlighting vulnerabilities in cloud-based data storage and the urgent need for stronger cybersecurity measures.
AT&T discovered the breach when a security researcher notified the company about compromised call logs obtained through Snowflake’s insecure cloud storage. After verifying the data’s authenticity, AT&T reportedly engaged Google-owned cybersecurity firm Mandiant for further investigation and disclosed the breach to the SEC.
The AT&T breach is part of a wider supply chain attack involving Snowflake, a major cloud data analysis player whose platform serves tech giants such as Adobe, Canva, and Mastercard.
Other known affected customers include large companies such as Ticketmaster, Santander Bank, Advance Auto Parts, and Neiman Marcus, signalling significant vulnerabilities in its cloud data systems.
The primary suspect behind the data theft allegedly accessed the information through insecure cloud storage and was reportedly arrested in May for unrelated charges related to a previous breach involving T-Mobile. Although AT&T claims the data has been erased from the hackers’ possession, concerns remain about potential copies of the dataset circulating among other parties.
Data stolen in the AT&T breach includes:
The compromised data spans from May to October 2022, with a smaller group of data extending to January 2023. AT&T confirmed that, unlike its previous breach that exposed the sensitive data of 73 million AT&T customers earlier this year, the Snowflake breach did not include call or text contents, names, credit card data, or Social Security numbers.
AT&T reportedly paid hackers approximately $370,000 in Bitcoin to delete stolen phone records, which included call and text metadata of millions of customers. The hackers, affiliated with the ShinyHunters group, were reportedly approached by AT&T after learning of the breach from a security researcher acting as an intermediary.
In the days following the breach, AT&T’s stock fell by 0.3% to $18.80, reflecting a $130 million drop in market cap. Before the hacking disclosure, AT&T stock had been up 12% in 2024.
For CFOs and finance managers, this incident underscores several key points:
As investigations into AT&T’s breach continue, finance leaders must remain vigilant as scam risks heighten following a significant data breach. This latest incident serves as a reminder of cybersecurity’s crucial role in the digital finance world. Moving forward, finance professionals should:
Learning from such incidents will help finance leaders protect their organisations from evolving cyber threats.
AI voice scams are targeting finance teams—using deepfake tech to mimic executives and authorise payments. Learn how they work—and how to stop them.
Discover 14 real-world AI-driven tax scams targeting US finance teams this season—what they look like, how they work, and how to stop them in action.
A cyberattack on Aussie super funds reveals major control gaps. Learn what finance leaders must do now to protect payments and prevent fraud.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
