What Happened
In 2024, AT&T suffered a major data breach. Between April 14 and 25, threat actors unlawfully accessed an AT&T workspace on the third-party cloud platform Snowflake, exploiting weak security such as missing multi-factor authentication, and exfiltrated call and text metadata records for nearly all AT&T cellular customers, mobile virtual network operators on its network, and some landline customers who interacted with them.

The stolen data covered interactions from May 1 to October 31, 2022, plus limited records from January 2, 2023. It included phone numbers, call/text counts and durations, and cell site IDs revealing approximate locations for some users, but did not include call/text contents, names, Social Security numbers, or other PII.

AT&T learned of the breach on April 19 and delayed public disclosure until July 12 at the U.S. Department of Justice’s request. It implemented enhanced security measures, notified affected customers, and collaborated with law enforcement (leading to at least one arrest). It reportedly paid approximately $370,000 in Bitcoin ransom to the ShinyHunters group for data deletion, though it stated the data was not publicly available.

This incident is distinct from AT&T’s separate March 2024 breach, which exposed PII of 73 million accounts. It prompted lawsuits, regulatory scrutiny, and customer credit monitoring offers.



