In a concerning update for the telecom and cloud data security sectors, AT&T has been hit by a major data breach linked to the ongoing Snowflake cybersecurity incident. This breach, revealed on 12 July 2024, has exposed the phone records of almost 110 million AT&T customers, highlighting vulnerabilities in cloud-based data storage and the urgent need for stronger cybersecurity measures.
Key details
Around 110 million AT&T customers are affected.
Data stolen includes phone numbers, call and text records, and location data.
The breach is tied to a broader attack on the Snowflake cloud platform.
AT&T reportedly paid hackers approximately $370,000 in Bitcoin to delete stolen phone records.
AT&T's stock dropped by 0.3%, amounting to a $130 million loss in market cap.
Authorities have apprehended at least one individual in connection with the breach.
Understanding the Snowflake connection: cloud data vulnerabilities exposed
AT&T discovered the breach when a security researcher notified the company about compromised call logs obtained through Snowflake's insecure cloud storage. After verifying the data's authenticity, AT&T reportedly engaged Google-owned cybersecurity firm Mandiant for further investigation and disclosed the breach to the SEC.
The AT&T breach is part of a wider supply chain attack involving Snowflake, a major cloud data analysis player whose platform serves tech giants such as Adobe, Canva, and Mastercard.
Other known affected customers include large companies such as Ticketmaster, Santander Bank, Advance Auto Parts, and Neiman Marcus, signalling significant vulnerabilities in Snowflake's cloud data systems.
The primary suspect behind the data theft allegedly accessed the information through insecure cloud storage and was reportedly arrested in May on charges unrelated to this incident, stemming from a previous breach involving T-Mobile. Although AT&T claims the data has been erased from the hackers' possession, concerns remain about potential copies of the dataset circulating among other parties.
Scope of the AT&T breach: what was compromised
Data stolen in the AT&T breach includes:
Phone numbers for both cellular and landline users
Records of calls and texts
Details of interactions between phone numbers
Total counts of calls and texts
Call durations
Cell site IDs that can pinpoint approximate call locations
The compromised data spans from May to October 2022, with a smaller group of data extending to January 2023. AT&T confirmed that, unlike its previous breach that exposed the sensitive data of 73 million AT&T customers earlier this year, the Snowflake breach did not include call or text contents, names, credit card data, or Social Security numbers.
AT&T breach: financial impact
AT&T reportedly paid hackers approximately $370,000 in Bitcoin to delete stolen phone records, which included call and text metadata of millions of customers. AT&T reportedly approached the hackers, who are affiliated with the ShinyHunters group, after learning of the breach from a security researcher acting as an intermediary.
In the days following the breach, AT&T's stock fell by 0.3% to $18.80, reflecting a $130 million drop in market cap. Before the hacking disclosure, AT&T stock had been up 12% in 2024.
Implications for finance leaders: lessons from the AT&T breach
For CFOs and finance managers, this incident underscores several key points:
Cloud risks: The breach highlights the risk of storing sensitive data in cloud systems.
Third-party oversight: It emphasizes the need to vet third-party providers and understand their security protocols.
Fraud detection: Finance departments need effective controls for spotting unusual activities and preventing fraud.
Incident response: Organizations must have robust plans to manage breaches and maintain stakeholder trust.
Financial security: The stock drop shows how breaches can impact financial stability, highlighting cybersecurity as a key financial risk.
Looking ahead: strengthening cybersecurity in finance
As investigations into AT&T's breach continue, finance leaders must remain vigilant, because scam risks rise after a significant data breach. This latest incident serves as a reminder of cybersecurity's crucial role in the digital finance world. Moving forward, finance professionals should:
Conduct regular data analytics to detect fraud and security risks.
Invest in software to verify supplier details and bank accounts.
Centralize data for comprehensive review processes.
Allocate resources to cybersecurity measures and training.
Learning from such incidents will help finance leaders protect their organizations from evolving cyber threats.