The Breach Dates Back To 2022 And “Nearly All” Cellular Customers Were Affected
Back in April, I wrote about how over 70 million AT&T users had their personal data leaked onto the dark web. Sure, it didn’t contain financial info, but it contained just enough for someone to be able to potentially steal your identity if they wanted to: names, phone numbers, addresses, and even SSNs. That’s a pretty impactful breach because while you can freeze a credit card if that’s the info that was stolen, there are very few practical options for your personal info being nabbed.
Well, just a few months after what we hoped would be AT&T’s only major breach in 2024, there is now news of yet another breach. This time, quite alarmingly, it is said to have affected “nearly all” cellular customers on AT&T. That’s extremely worrisome. The information stolen was from between May and October of 2022 and includes both call and text records, though it doesn’t include the timestamps or contents of any of the calls or messages. This breach was noticed back in April but was only just spoken of by the company this week.
According to AT&T, the hacker was able to access this data through a third-party cloud platform that AT&T uses called Snowflake. Not only was he able to get this info for AT&T users, but also MVNOs that use AT&T’s network such as Boost Mobile, Cricket Wireless, Straight Talk, TracFone, and several more.
Two Major Breaches In A Year Should Be A Massive Concern For AT&T Customers
One breach affected over 70 million customers and now the second breach affects “nearly all” cellular customers. These aren’t small breaches by any measure and it should be a major concern for customers that not only have their call and text records been compromised, but so has most of their pertinent personal data, all because they relied on a mobile carrier.
It won’t be surprising to learn that some customers may consider moving away from AT&T to safeguard themselves against a potential new breach being reported. Regardless, AT&T certainly needs to do something about its security and the state of customers’ sensitive data. It is understandable that this was due to a third party being compromised, but the carrier itself has a responsibility in that regard.
The hole that the hacker gained access through has been plugged up, the company is working with cybersecurity experts to figure out the best plan of action, and the FBI has supposedly caught one person who is involved with the hack. I suppose that’s the best that could happen after the fact.
