Hackers breach AT&T, compromising call and text records of millions

In a recent security breach, AT&T revealed that the personal data of approximately 109 million customer accounts was compromised over a five-month period in 2022. The breach affected AT&T's cellular customers, users of mobile virtual network operators on AT&T's network, and landline customers who interacted with cellular numbers. The compromised data did not include sensitive information like Social Security numbers or call/text content, but it could potentially be used to trace users. The breach was traced back to a third-party platform, Snowflake, and did not impact AT&T's network directly. The stolen data included call and text records from May to October 2022, as well as some records from January 2023. While the breach did not expose personal information, it could still be used to identify individuals through publicly available tools. The Department of Justice was made aware of the breach earlier this year, and AT&T was required to disclose the incident publicly. Cybersecurity experts warn that such breaches pose a significant risk to national security and public safety. This breach comes on the heels of a previous data leak in 2019 that affected over 73 million users, exposing sensitive information like names, addresses, and Social Security numbers. AT&T reassured customers that the breach did not impact its operations, but the incident underscores the ongoing challenges companies face in safeguarding customer data. The company is working to address the breach and has taken steps to enhance its cybersecurity measures to prevent future incidents. AT&T's acknowledgment of the breach highlights the growing threat of cyberattacks targeting large corporations and the need for stronger cybersecurity measures across industries. As data breaches become more common, there is a pressing need for regulatory bodies like the FCC to hold companies accountable for their negligence in protecting customer data. The incident serves as a reminder of the importance of robust cybersecurity practices in safeguarding sensitive information and maintaining public trust in the digital age.