The network has agreed to pay a ransom to delete call and text message data exposed in 2022.
What happened
AT&T, the second-largest 5G network provider in the United States, recently discovered a massive data breach.
The company discovered the breach in mid-April, but the Justice Department delayed the public disclosure to investigate further. In a statement, the FBI said, “In assessing the nature of the breach, all parties discussed a potential delay to public reporting…due to potential risks to national security and/or public safety.”
According to the investigation, the breach occurred in mid-to-late 2022, with some individuals also impacted in early 2023. The stolen data included call and text message records between AT&T users and their call recipients in the United States and Canada.
AT&T said the compromised data included names and telephone numbers of “nearly all” of its cellular customers. The criminals could also view the duration of calls between individuals and the number of times they interacted. The content of calls and messages was not part of the breach. Since then, AT&T has reportedly given $370,000 to the hacker, who agreed to delete the data.
Going deeper
AT&T determined the incident was part of the breach involving Snowflake, a cloud platform known for storing massive datasets. The breach also impacted companies like Ticketmaster, Santander Banking, Advance Auto Parts, and others.
In a statement, Snowflake maintained that the breach was not a result of “vulnerability, misconfiguration or breach of Snowflake’s platform.” Despite this, AT&T’s data was accessed via its Snowflake platform.
While the data stolen may seem minuscule, experts believe it could be valuable to cybercriminals. Sanaz Yashar of cybersecurity firm Zafran said cell ID data could be used alongside other information to pinpoint where an individual works, including those who work at the White House or Pentagon.
AT&T worked with an intermediary security researcher to negotiate the deletion of the data. The unnamed hacker initially asked for one million dollars to delete the data, but the amount was negotiated down to $370,000. The hacker then provided video proof of the deletion.
The big picture
USA Today reported that this breach is a larger issue for national security, but not a major cause of concern for everyday residents.
Impacted individuals can expect to be contacted via text or mail regarding the breach, but otherwise do not need to take action.
Data has not been posted online, but paying a ransom isn’t a guarantee that data will be deleted. In fact, paying is generally an ineffective strategy, as hackers may store or copy data despite receiving payment.
Since the breach has only recently been disclosed, we’ll likely hear more details, including potential litigation, in the coming weeks.