{"id":4434,"date":"2024-07-12T09:32:27","date_gmt":"2024-07-12T14:32:27","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80995"},"modified":"2024-07-12T09:32:27","modified_gmt":"2024-07-12T14:32:27","slug":"phone-text-message-records-of-nearly-all-att-customers-stolen","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/12\/phone-text-message-records-of-nearly-all-att-customers-stolen\/","title":{"rendered":"Phone, text message records of \u2018nearly all\u2019 AT&amp;T customers stolen"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Phone, text message records of \u2018nearly all\u2019 AT&amp;T customers stolen | CyberScoop<\/title> <meta name=\"description\" content=\"The pilfered content, which contains aggregated metadata, was taken via the company\u2019s Snowflake instance.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/att-data-breach-snowflake\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Phone, text message records of \u2018nearly all\u2019 AT&amp;T customers stolen\"> <meta property=\"og:description\" content=\"The pilfered content, which contains aggregated metadata, was taken via the company\u2019s Snowflake instance.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/att-data-breach-snowflake\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-07-12T14:32:27+00:00\"> <meta property=\"article:modified_time\" content=\"2024-07-12T15:03:57+00:00\"> <meta property=\"og:image\" 
content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1720117134g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1720540669g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1720001752g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80995\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 
6.5.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80995\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fatt-data-breach-snowflake%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fatt-data-breach-snowflake%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80995 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/att-data-breach-snowflake\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 
22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.846325167038\">\n<div class=\"single-article__header-content\" readability=\"30.762331838565\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The pilfered content, which contains aggregated metadata, was taken via the company\u2019s Snowflake instance. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=1024,683 1024w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A visitor walks past the telecommunications giant AT&amp;T&#8217;s logo at the Mobile World Congress (MWC), the telecom industry&#8217;s biggest annual gathering, in Barcelona on February 27, 2023. (Photo by PAU BARRENA\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"26.103092783505\"><body readability=\"52.869565217391\"><\/p>\n<p>Telecommunications giant AT&amp;T announced Friday that hackers obtained six months of phone and text message records of \u201cnearly all\u201d of the company\u2019s customers.&nbsp;<\/p>\n<p>An AT&amp;T spokesperson confirmed the data was pulled from Snowflake, making this incident one of the most significant data exfiltration attacks tied to <a href=\"https:\/\/cyberscoop.com\/as-many-as-165-companies-potentially-exposed-in-snowflake-related-attacks-mandiant-says\/\">the cloud platform\u2019s recent security woes<\/a>. 
AT&amp;T said that they believe at least one person linked to the breach is in federal custody, <a href=\"https:\/\/www.sec.gov\/ix?doc=\/Archives\/edgar\/data\/0000732717\/000073271724000046\/t-20240506.htm\">per the company\u2019s SEC filing<\/a> describing the incident.<\/p>\n<p>AT&amp;T said that hackers were able to exfiltrate sensitive information covering May 2, 2022 to October 31, 2022, as well as information from January 2, 2023. The data includes phone numbers that an AT&amp;T mobile phone communicated with, including those of AT&amp;T landline users. In some cases, the data also contains specific cell site ID numbers linked to these interactions. The data <a href=\"https:\/\/www.att.com\/support\/article\/my-account\/000102979\">does not<\/a> include content, the timestamps of any calls or texts, social security numbers, dates of birth or other personally identifiable information.<\/p>\n<p>AT&amp;T learned of the incident on April 19 and believes that the hackers accessed the Snowflake workspace between April 14 and April 25, 2024.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>AT&amp;T is the latest in a string of major firms to suffer a data breach via the cloud storage platform Snowflake, most of which are believed to have occurred due to a lack of multi-factor authentication on the affected customer accounts. 
Asked for comment, a Snowflake representative pointed to <a href=\"https:\/\/snowflake.discourse.group\/t\/detecting-and-preventing-unauthorized-user-access\/8967\">a blog post by CEO Brad Jones<\/a> that claims the company has \u201cnot identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake\u2019s platform,\u201d citing investigations by the incident response firms Mandiant and CrowdStrike.<\/p>\n<p>The company <a href=\"https:\/\/www.snowflake.com\/blog\/snowflake-admins-enforce-mandatory-mfa\/\">announced on Thursday<\/a> that administrators can now enforce mandatory multi-factor authentication for Snowflake users.&nbsp;<\/p>\n<p>The stolen data will be a goldmine for scammers, financially motivated hackers, pig butchers, and nation-backed threats alike. AT&amp;T says they do not believe the data has been made public.<\/p>\n<p>The Federal Communications Commission <a href=\"https:\/\/x.com\/FCC\/status\/1811773460739223630\">said<\/a> it is investigating the breach. 
<\/p>\n<p>A spokesperson for the Cybersecurity and Infrastructure Security Agency said in a statement that the agency is working to assess the impact of the breach.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p><strong>Updated July 12, 2024: <\/strong><em>This article has been updated to include a statement from the Federal Communications Commission<\/em>.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.6733333333333\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/phone-text-message-records-of-nearly-all-att-customers-stolen-1.jpg?w=640&#038;ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&amp;E News at POLITICO covering cybersecurity in the energy sector. 
Reach out:&nbsp; christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div 
class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/att-data-breach-snowflake\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Phone, text message records of \u2018nearly all\u2019 AT&amp;T customers stolen<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,440,338,2152,288],"tags":[286,444,341,2156,294],"class_list":["post-4434","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-data-breaches","category-department-of-justice-doj","category-snowflake","category-threats","tag-cybercrime","tag-data-breaches","tag-department-of-justice-doj","tag-snowflake","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-breaches\/\" rel=\"category tag\">data breaches<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-justice-doj\/\" rel=\"category tag\">Department of Justice (DOJ)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/snowflake\/\" rel=\"category tag\">Snowflake<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category 
tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4434"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4434\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}