Dive Overview:
A cyberattack focusing on AT&T’s Snowflake setting compromised information for almost the entire firm’s wi-fi prospects, the corporate mentioned in a submitting with the Securities and Exchange Commission on Friday. Nearly 110 million prospects have been affected, in keeping with AT&T’s annual report for the interval of the information breach. Data stolen through the intrusion included AT&T prospects’ name and textual content message data for the six months ending Oct. 31, 2022, and data by Jan. 2, 2023, the corporate mentioned within the SEC submitting. AT&T mentioned the assault didn’t expose the content material of calls or textual content messages, buyer names or any personally identifiable info. But the stolen data embrace telephone numbers AT&T wi-fi prospects have interacted with, the variety of these interactions, and whole name minutes for a day or month.
Dive Insights:
AT&T is one among at the very least 100 corporations affected by a sequence of assaults focusing on Snowflake buyer environments. AT&T spokesperson Andrea Huguely advised Cybersecurity Dive that buyer information was stolen from the corporate’s Snowflake database.
Mandiant mentioned in a menace intelligence report final month that the assaults focusing on Snowflake prospects weren’t attributable to a vulnerability, misconfiguration or compromise of Snowflake’s programs.
Mandiant mentioned the assault started with stolen credentials from a number of infostealer malware infections on non-Snowflake-owned programs, and that affected buyer accounts didn’t have multi-factor authentication arrange.
AT&T mentioned it grew to become conscious of the assault and theft of AT&T name data on April 19 and instantly started its incident response course of with the help of third-party cybersecurity specialists.
Wireless community supplier AT&T mentioned attackers gained entry to its Snowflake setting between April 14 and April 25.
“AT&T has taken further cybersecurity measures in response to this incident, together with blocking the illicit entry factors,” the corporate mentioned in a submitting with the SEC. “AT&T will notify affected present and former prospects.”
According to an SEC submitting, the telecommunications large postponed submitting its cybersecurity incident disclosure with the SEC after the FBI and Department of Justice granted postponements on May 9 and June 5, citing potential dangers to nationwide safety and public security. The FBI will settle for and examine the disclosure postponement requests earlier than referring them to the Department of Justice for a choice.
“AT&T, the FBI and DOJ labored collectively all through the primary and second deferral processes, sharing vital menace info to reinforce the FBI’s investigative powers and help AT&T in its incident response efforts,” an FBI spokesperson mentioned in an e-mail.
AT&T mentioned it continues to analyze and is cooperating with legislation enforcement. “Based on info obtained by AT&T, we’re conscious that at the very least one arrest has been made,” the corporate mentioned within the SEC submitting. “As of the submitting date, AT&T doesn’t consider that any information has been made public.”