Senate Inquiry Into AT&T Security Breach

WASHINGTON, July 18, 2024 – Two United States Senators demanded information regarding the recent security breach of AT&T’s private customer data in a letter to the company’s CEO on Tuesday.

On Friday, AT&T announced that six months of sensitive customer data, such as phone and text message records, were illegally accessed from a third-party cloud platform, called Snowflake. AT&T told consumers that it learned that the data was compromised in April and subsequently launched an investigation.

The investigation found that nearly all of AT&T’s cellular and landline customers were affected by the breach. The company assured customers that the data does not contain the content of calls or texts, personal information such as Social Security numbers or dates of birth, or time stamps of communications. However, it warned that there are ways to find the names associated with specific telephone numbers.

The letter came from Chair of the Subcommittee on Privacy, Technology and the Law Richard Blumenthal, D-Connecticut, and Ranking Member Josh Hawley, R-Missouri. It demanded that AT&T executives release information on how the hackers gained access to Snowflake services, a detailed timeline of all events related to the breach, investigations into previous hacks, why AT&T had retained months of detailed data, why the company delayed public notice of the breach, whether customers have been notified, and any compensation to those customers.

“Taken together, the stolen information can easily provide cybercriminals, spies, and stalkers a logbook of the communications and activities of AT&T customers over several months, including where those customers lived and traveled,” read the letter.

This breach is one of a series of breaches of clients of Snowflake, a cloud service designed to help analyze business data.

“AT&T customers, including businesses and government entities, should be deeply concerned about this theft of private information about their communications,” said the letter. Additionally, the senators warned customers that the group behind the breach has leaked and ransomed records of past thefts, and there is “no reason to believe that AT&T’s sensitive data will not also be auctioned and fall into the hands of criminals and foreign intelligence agencies.”

In a press conference, Federal Communications Commission Chairwoman Jessica Rosenworcel said that “any time there’s a data breach, we’re concerned. We have been in discussion with law enforcement and the company about this and have an ongoing investigation.”

Snowflake also received a letter from the senators, saying that the recent AT&T disclosure “raises concerns that we still do not know the full scope or impact of the campaign targeting Snowflake customers.”

Mandiant, a cybersecurity firm subsidiary of Google, reported that 160 other organizations could have been targeted in the hacking campaign. Mandiant said that the cybercrime group obtained AT&T passwords from malware infections bundled with pirated software. According to Mandiant, AT&T could have avoided the attack by changing passwords and implementing firewalls and multi-factor authentication.

Cyber attacks are not uncommon. In May, the Seattle Public Library had its servers allegedly overtaken by ransomware.