The breach of data on nearly all of AT&T’s customers, disclosed last week, was part of a campaign targeting users of the corporate cloud platform Snowflake that security researchers said is “ongoing”.
Personal data on most of AT&T’s customers was downloaded in a massive hack as it became the latest firm to disclose the effects of security breaches of Snowflake cloud platform customers that first came to light in April.
AT&T said it became aware on 19 April that data had been transferred from its Snowflake workspace to that of a third party. It delayed disclosure until Friday at the request of the US Justice Department, the company said.
The breach was disclosed in a Securities and Exchange Commission (SEC) filing that was made public on Friday.
The Justice Department said earlier in the day that disclosure of the breach would “pose a substantial risk to national security and public safety”.
The FBI said it was working with AT&T and the Justice Department “through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work”.
The data includes records of calls made from 1 May 2022 to 31 October 2022 and was downloaded in April, AT&T said.
The compromised data includes records on nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network and AT&T landline customers who interacted with those cellular numbers.
“At this time, we do not believe that the data is publicly available,” AT&T said.
Computer security firm Mandiant said in June that it and Snowflake had notified about 165 corporate customers about breaches, the first time an indication had been given about the number of hacks on the platform that began in April.
Snowflake has more than 9,800 corporate customers, including healthcare organisations, retail giants and tech firms, which use Snowflake for data analytics.
Ticketmaster and LendingTree earlier confirmed data thefts involving Snowflake workspaces.
Mandiant said at the time that the “ongoing” threat campaign was being carried out by a criminal gang it called UNC5537 that has members in North America and at least one in Turkey.
It said the group was trying to extort companies into paying to get their files back and to stop them from being disclosed publicly.
Mandiant said it had found “hundreds of customer Snowflake credentials exposed via infostealers”.
The credentials are believed to have been stolen from corporate staff members who have access to a company’s Snowflake environment.