AT&T Details
Industry
Telecommunications
Security Incidents
4
AT&T Inc. is a major American multinational conglomerate specializing in telecommunications and digital entertainment services. Founded on October 5, 1983, as Southwestern Bell Corporation, AT&T's lineage traces back to Alexander Graham Bell's original Bell Telephone Company, established in 1877. Over the years, AT&T evolved through mergers and acquisitions, becoming one of the most significant players in the global telecommunications industry. The company provides a comprehensive array of services, including wireless communications, broadband Internet, and digital television.
A notable miles...
Show more
Security Incidents
AT&T Breach of Apr 2024
The stolen data, from interactions between May 1 and October 31, 2022, and January 2, 2023, included telephone numbers, counts of interactions, and aggregate call durations. Certain records also contained one or more cell site identification n...
Show more
The breach underscores the vuln...
Show more
This breach presents significant risks, including potential identity theft and targeted attacks. Using publicly available tools, attackers could potentially correlate the metadata with individual ide...
Show more
Severity Score
High
Type
3rd Party CompromiseSummary
On April 14-25, 2024, AT&T experienced a significant data breach that exposed call and text interaction records of approximately 109 million wireless customers. This breach was linked to an attack on the Snowflake platform, a cloud-based data warehousing provider used by AT&T, where hackers utilized compromised credentials to access and exfiltrate data.The stolen data, from interactions between May 1 and October 31, 2022, and January 2, 2023, included telephone numbers, counts of interactions, and aggregate call durations. Certain records also contained one or more cell site identification n...
Show more
Severity
The recent AT&T data breach was significant in scale and sophistication, impacting nearly all its 109 million wireless customers and affected customers of mobile virtual network operators (MVNOs) using AT&T’s network. The attackers exfiltrated call and text metadata, including phone numbers and cellular site location details, between April 14 and April 25, 2024, from AT&T’s Snowflake account. Although no sensitive PII like Social Security numbers or call content was compromised, the stolen metadata can still be exploited for identity theft and targeted attacks.The breach underscores the vuln...
Show more
Impact
The recent AT&T data breach, linked to multiple breaches targeting Snowflake customers, exposed call and text records of nearly all AT&T wireless and landline customers. While the compromised data did not include call content, social security numbers, or other personally identifiable information, it did involve telephone numbers, interaction counts, and, for some records, cell site location data.This breach presents significant risks, including potential identity theft and targeted attacks. Using publicly available tools, attackers could potentially correlate the metadata with individual ide...
Show more
AT&T Breach of Oct 2024
The breach allowed Salt Typhoon, also known by other ...
Show more
The severity of this incident is underscored by the attackers' sophisticated methods and the strategic implications of their access to wi...
Show more
The attack underscores the persistent threat posed by...
Show more
Severity Score
Significant to High
Type
Corporate BreachSummary
In October 2024, a cyber campaign identified as "Salt Typhoon," linked to Chinese state-sponsored hackers, targeted US telecommunications giants Verizon, AT&T, and Lumen Technologies. These attacks potentially granted the attackers access to systems used for lawful wiretapping and general communication data exchange between these providers and law enforcement agencies. The intrusion raised serious national security concerns, given the sensitive nature of the information involved and the potential compromise of U.S. governmental operations.The breach allowed Salt Typhoon, also known by other ...
Show more
Severity
The cyberattack by the China-linked group known as Salt Typhoon targeted major U.S. internet service providers, including Verizon, AT&T, and Lumen Technologies. The group potentially accessed systems used for court-authorized wiretapping, posing a significant national security risk. The breach allowed the hackers to gather sensitive information from U.S. broadband networks, possibly compromising vital law enforcement and intelligence gathering capabilities.The severity of this incident is underscored by the attackers' sophisticated methods and the strategic implications of their access to wi...
Show more
Impact
The Salt Typhoon cyber incident, linked to Chinese state-sponsored actors, represents a significant security breach of U.S. broadband providers Verizon, AT&T, and Lumen Technologies. This breach allowed the attackers potential access to wiretapping systems mandated for lawful surveillance, posing a major national security risk. Over several months, the hackers gathered extensive internet traffic data, impacting core network infrastructure and possibly compromising sensitive operations critical to U.S. law enforcement and national security.The attack underscores the persistent threat posed by...
Show more
Other incidents caused by this AT&T incident
AT&T Breach of Mar 2024
Show more
Severity Score
Moderate
Type
Data BreachSummary
AT&T has discovered a data set containing information on millions of current and former customers on the dark web. Initially reported to affect 73 million customers, AT&T has clarified that the breach impacts 51 million individuals due to the elimination of duplicate or inaccurate records. The data, which dates back to 2019 or earlier, includes sensitive information such as full names, social security numbers, and AT&T account details. The source of the breach remains unclear, and there is no evidence of unauthorized access to AT&T's systems. AT&T is notifying affected individuals and offering...Show more
Severity
AT&T uncovered a data set on the dark web affecting 51 million customers, indicating a significant breach dating back to 2019 or earlier. The data breach exposed sensitive information such as names, social security numbers, and AT&T account details. The impact on customer data is substantial, although AT&T has found no evidence of unauthorized access to its systems.Impact
The data breach affected approximately 51 million current and former AT&T customers, exposing sensitive information dating back to 2019 or earlier. The compromised data includes full names, social security numbers, email addresses, and AT&T account details. AT&T is notifying affected individuals and offering credit monitoring and identity theft protection services.AT&T Breach of Jan 2023
Show more
In response, AT&T acted swiftly by notifying federal law enforcement and im...
Show more
Fortunately, no sensitive personal information like Social Security numbers, c...
Show more
Severity Score
Significant
Type
3rd Party CompromiseSummary
On January 6, 2023, AT&T discovered a data breach involving a third-party vendor that impacted approximately 9 million customers. The vendor responsible for marketing services was compromised, leading to unauthorized access to Customer Proprietary Network Information (CPNI) such as customer first names, wireless account numbers, wireless phone numbers, and email addresses. A smaller subset of customers had additional details exposed, including rate plan names, past due amounts, monthly payment amounts, and minutes used. Fortunately, sensitive personal information such as Social Security number...Show more
Severity
The recent cyber incident involving AT&T constituted a significant data breach that affected around 9 million customers, primarily due to a third-party vendor's mishandling of data. The compromised information included Customer Proprietary Network Information (CPNI) such as first names, wireless account numbers, wireless phone numbers, and email addresses. Though more sensitive personal information remained secure, the scope of the data exposed and the number of individuals affected highlight the breach's seriousness.In response, AT&T acted swiftly by notifying federal law enforcement and im...
Show more
Impact
The recent cyber incident involving AT&T was a data breach that originated with a third-party vendor responsible for marketing services. Approximately 9 million customers were impacted, with exposed data including Customer Proprietary Network Information (CPNI) such as customer first names, wireless account numbers, wireless phone numbers, and email addresses. For a smaller group of customers, additional details like rate plan names, past due amounts, monthly payment amounts, and minutes used were also compromised.Fortunately, no sensitive personal information like Social Security numbers, c...
Show more
KEEP YOUR ENVIRONMENT SECURE
Weak credentials are the leading cause of breaches. Beyond Identity can help.
See MFA exploits in action
Watch how adversaries exploit companies in quick videos