Yes, customers mobile and landline phone numbers which can be used for identify theft and phishing scams. Think the data is still harmless?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hackers Steal Phone Records of 'Nearly All' AT&T Customers
- Thread starter MacRumors
- Start date
- Sort by reaction score
That is probably why business do not want their servers in the EU due to introduction of data laws in the EU, businesses can receive very hefty fines for breaches of data which means they would be duty bound to make sure their systems are hack proof or at least show evidence that they have done everything they can to prevent hacks/data loss.
Does the US have something similar, a government oversight authority who can fine AT&T for breaches of data security or would individuals have to take them to court?
It was actually their service through Snowflake that got hacked. So likely their Snowflake account was holding an extract from their internal systems for analytics (probably customer analytics aka marketing). As such it is likely that neither messages nor other data unnecessary for that analytics work was comprimised (e.g. for marketing work you don't usually need SSN so it makes sense that would not be exported to an analytics system/service even if it was available from the inernal system).
Still lessons for individuals and companies and the cloud. While the upsides are well marketed, there are downsides including that your data is now by definition external and it is now centralized in a lucrative target. It's probably not easier to break into Snowflake than my home network but I bet the economics for the hackers work out better targeting the former.
There is no service cheap or expensive that can keep data safe. It takes lot more to secure data, access, encryption, vulnerabilities, and pigeon ex employee, and so on. You are as good as the weakest link.
US govt has similar stuff. In fact in US state attorney generals can go after companies. Equifax is a good example, but those hefty fines aren’t really gonna hurt the companies.
I could be in a minority here, but should it be a criminal offense against a company where data is leaked?
Something should changed. If we are entrusting our data and information to these companies, it should be very secure. I can only expect the frequency of leaks to increase over time.
Something should changed. If we are entrusting our data and information to these companies, it should be very secure. I can only expect the frequency of leaks to increase over time.
Maybe these are gg hackers that are just interested in stopping the rampant spam calls/texts I get asking for political donations.
Man everyone saying "eh they didn't steal anything worth worrying about" have no imagination. It would be trivial to grab all the phone numbers, grab the phone number that it texts the most, spoof that number, and send it a text that says "Hey honey, click this!" ... wouldn't work for all, wouldn't even work for most, but would work for enough.
I am of the opinion a company should receive a hefty fine for data breaches BUT I am also of the opinion if a company ignores data security concerns or fails to introduce/implement safety controls due to laziness and or financial costs then criminal proceedings should be brought to bare down on the company bosses.
I believe the EU introduced changes to health and safety laws where company directors can now be made responsible for serious breaches of health and safety. The same should happen with data security breaches, go after the company bosses who do not give a damn about data security instead of putting all the blame on IT individuals who's job it is to run and maintain the companies IT system.
Absolutely! Did you read that no names or other personally identifiable information was connected to the phone numbers? So they have a bunch of phone numbers...whoop-di-do! I get random telemarketer calls all day long.
Not sure how old you are, but there used to be things called PHONE BOOKS with your NAME and NUMBER for EVERYONE TO SEE! OMG! The "harm" that was caused! Get a grip.
That is what the criminals hope for, ignorant people who are of the belief what is stolen is harmless.
You should stay inside -- the sky is falling around you.
I know Verizon isn't perfect, but it seems like that have the fewest issues when it comes to data breaches out of the big 3 carriers. Plus, I just got a 19% discount with my employer and a $25 monthly loyalty discount on top of that, so I'm not leaving anytime soon.
Whilst there is still probably phone books out there, for the most part, smartphones and the internet was not around when phone books had their period of popularity thus it was not easy for criminals to do the things they did back then compared to todays technological society.
Which criminals? In this case, the article said (did you read it?) that one person was arrested and that they don't believe the data went public.
The most secure option is the one that most recently suffered a breech.
I have MacRumors as one of my 4 pinned tabs along my work login page, my homebridge, and my gmail. I must refresh it more than 20 times a day to see new articles. Mostly I use it for updates on Apple Products, notifications of new ios, watchos, macos updates...but love articles like this one that also keep me looped in on scams and other ways to keep me safe. Thank you for all you do @MacRumors
Hackers broke into a cloud platform used by AT&T and accessed the phone records of "nearly all" of its cellular customers, AT&T announced on Friday.
AT&T said the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages across a six-month period between May 1, 2022 and October 31, 2022.
AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller, unspecified number of customers, as well as call records of customers with other cellular carriers that rely on AT&T's network.
Some of the records include cell site identification numbers linked to calls and texts, which can be used to work out the approximate location of where a call was made or message sent.
The downloaded data doesn't include the content of any calls or texts, or their time stamps, according to AT&T. It also doesn't have any details such as Social Security numbers, dates of birth, or other personally identifiable information.
AT&T said it learned of the data breach on April 19, and that it is unrelated to an earlier security incident in March. The company said it does not believe the data is publicly available at this time, and it continues to work with law enforcement to identify and apprehend those involved. At least one person is said to have been arrested.
AT&T told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake's customers. Other companies that have confirmed stolen data from Snowflake include Ticketmaster, QuoteWizard, and others.
Cybersecurity researchers from incident response firm Mandiant say the hacker group is mostly based in the US and those involved are financially motivated.
AT&T customers concerned about phishing and smishing scams should visit the company's support article, which also includes advice on how to protect yourself from online fraud.
Article Link: Hackers Steal Phone Records of 'Nearly All' AT&T Customers
If having a name and phone number (which isn't even the case here since there are no names) is such a risk of being a victim of some crime, just think of practically every email sent with a signature has a name and a phone number! The internet is full of name/phone number associations. Apparently, everyone wasn't told doing so was exposing them to criminal activity. Again -- making much ado about nothing. Someone said we're not using our imagination -- if I used my imagination, I can think of terrible things happening to me just walking out my front door.
After what happened to CDK and now this and many other things, this seems to be blowback from too much centralization. Everything is outsourced and centralized and then one single valuable target gets attacked and thousands of companies and potentially millions of people are compromised all at once. All because of over centralization.
Nah not really. AT&T has breach after breach after breach, and it doesn't get any better. More than any other carrier, they have the most breaches by a long shot. And they seem to be getting more frequent.
Last edited: