Snowflake Faces Data Breach Fallout as AT&T Reports Customer Data Compromise

Snowflake is grappling with a significant cybersecurity issue following AT&T's announcement that a breach has affected data from "nearly all" of its wireless customers. The telecommunications giant revealed in a regulatory filing that hackers accessed a cloud platform containing sensitive customer information, including records of calls and text messages, over a six-month period in 2022. This incident marks the most severe development since Snowflake disclosed the breach on May 30, 2024, after becoming aware of unauthorized access to customer accounts. The breach was attributed to a group known as UNC5537, which exploited login credentials that had been previously stolen through malware. AT&T, which serves 242 million customers in the U.S. wireless mobility sector, confirmed that while attackers accessed customer data, they did not obtain the actual content of calls or texts. A spokesperson for Snowflake refrained from commenting on the AT&T incident, instead referring to earlier statements regarding the breach. Mandiant, assisting in the investigation, noted that some malware infections in systems not owned by Snowflake date back to 2020, with stolen credentials remaining valid for years. The lack of multi-factor authentication allowed UNC5537 to infiltrate customer environments easily. Despite the breach, AT&T stated it does not anticipate any material financial impact from the incident. Since its initial public offering, Snowflake's stock has seen a decline, closing at $134.73 on Friday, resulting in a market valuation of approximately $45 billion, down from a peak of over $70 billion.