AT&T Details
Industry
Telecommunications
Security Incidents
3
AT&T Inc. is a major American multinational conglomerate specializing in telecommunications and digital entertainment services. Founded on October 5, 1983, as Southwestern Bell Corporation, AT&T's lineage traces back to Alexander Graham Bell's original Bell Telephone Company, established in 1877. Over the years, AT&T evolved through mergers and acquisitions, becoming one of the most significant players in the global telecommunications industry. The company provides a comprehensive array of services, including wireless communications, broadband Internet, and digital television.
A notable miles...
Show more
Security Incidents
AT&T Breach of Apr 2024
The stolen data, from interactions between May 1 and October 31, 2022, and January 2, 2023, included telephone numbers, counts of interactions, and aggregate call durations. Certain records also contained one or more cell site identification n...
Show more
The breach underscores the vuln...
Show more
This breach presents significant risks, including potential identity theft and targeted attacks. Using publicly available tools, attackers could potentially correlate the metadata with individual ide...
Show more
Severity Score
High
Type
3rd Party CompromiseSummary
On April 14-25, 2024, AT&T experienced a significant data breach that exposed call and text interaction records of approximately 109 million wireless customers. This breach was linked to an attack on the Snowflake platform, a cloud-based data warehousing provider used by AT&T, where hackers utilized compromised credentials to access and exfiltrate data.The stolen data, from interactions between May 1 and October 31, 2022, and January 2, 2023, included telephone numbers, counts of interactions, and aggregate call durations. Certain records also contained one or more cell site identification n...
Show more
Severity
The recent AT&T data breach was significant in scale and sophistication, impacting nearly all its 109 million wireless customers and affected customers of mobile virtual network operators (MVNOs) using AT&T’s network. The attackers exfiltrated call and text metadata, including phone numbers and cellular site location details, between April 14 and April 25, 2024, from AT&T’s Snowflake account. Although no sensitive PII like Social Security numbers or call content was compromised, the stolen metadata can still be exploited for identity theft and targeted attacks.The breach underscores the vuln...
Show more
Impact
The recent AT&T data breach, linked to multiple breaches targeting Snowflake customers, exposed call and text records of nearly all AT&T wireless and landline customers. While the compromised data did not include call content, social security numbers, or other personally identifiable information, it did involve telephone numbers, interaction counts, and, for some records, cell site location data.This breach presents significant risks, including potential identity theft and targeted attacks. Using publicly available tools, attackers could potentially correlate the metadata with individual ide...
Show more
AT&T Breach of Mar 2024
Show more
Severity Score
Moderate
Type
Data BreachSummary
AT&T has discovered a data set containing information on millions of current and former customers on the dark web. Initially reported to affect 73 million customers, AT&T has clarified that the breach impacts 51 million individuals due to the elimination of duplicate or inaccurate records. The data, which dates back to 2019 or earlier, includes sensitive information such as full names, social security numbers, and AT&T account details. The source of the breach remains unclear, and there is no evidence of unauthorized access to AT&T's systems. AT&T is notifying affected individuals and offering...Show more
Severity
AT&T uncovered a data set on the dark web affecting 51 million customers, indicating a significant breach dating back to 2019 or earlier. The data breach exposed sensitive information such as names, social security numbers, and AT&T account details. The impact on customer data is substantial, although AT&T has found no evidence of unauthorized access to its systems.Impact
The data breach affected approximately 51 million current and former AT&T customers, exposing sensitive information dating back to 2019 or earlier. The compromised data includes full names, social security numbers, email addresses, and AT&T account details. AT&T is notifying affected individuals and offering credit monitoring and identity theft protection services.AT&T Breach of Jan 2023
Show more
In response, AT&T acted swiftly by notifying federal law enforcement and im...
Show more
Fortunately, no sensitive personal information like Social Security numbers, c...
Show more
Severity Score
Significant
Type
3rd Party CompromiseSummary
On January 6, 2023, AT&T discovered a data breach involving a third-party vendor that impacted approximately 9 million customers. The vendor responsible for marketing services was compromised, leading to unauthorized access to Customer Proprietary Network Information (CPNI) such as customer first names, wireless account numbers, wireless phone numbers, and email addresses. A smaller subset of customers had additional details exposed, including rate plan names, past due amounts, monthly payment amounts, and minutes used. Fortunately, sensitive personal information such as Social Security number...Show more
Severity
The recent cyber incident involving AT&T constituted a significant data breach that affected around 9 million customers, primarily due to a third-party vendor's mishandling of data. The compromised information included Customer Proprietary Network Information (CPNI) such as first names, wireless account numbers, wireless phone numbers, and email addresses. Though more sensitive personal information remained secure, the scope of the data exposed and the number of individuals affected highlight the breach's seriousness.In response, AT&T acted swiftly by notifying federal law enforcement and im...
Show more
Impact
The recent cyber incident involving AT&T was a data breach that originated with a third-party vendor responsible for marketing services. Approximately 9 million customers were impacted, with exposed data including Customer Proprietary Network Information (CPNI) such as customer first names, wireless account numbers, wireless phone numbers, and email addresses. For a smaller group of customers, additional details like rate plan names, past due amounts, monthly payment amounts, and minutes used were also compromised.Fortunately, no sensitive personal information like Social Security numbers, c...
Show more
KEEP YOUR ENVIRONMENT SECURE
Weak credentials are the leading cause of breaches. Beyond Identity can help.
See MFA exploits in action
Watch how adversaries exploit companies in quick videos