CISA sent out an alert on Friday regarding AT&T's recent disclosure of a data breach. AT&T reported unauthorized access of customer data in a third-party cloud platform. CISA encourages affected customers to review AT&T’s disclosure for additional information and guidance.

What Happened

AT&T customer data was stolen in a data breach from third-party cloud platform, Snowflake. The stolen data reportedly is not believed to contain sensitive information like call or text content, timestamps, Social Security numbers, or birthdates. However, the stolen data identified does include phone call and text message records of nearly all AT&T cellular customers during specific periods.

In a regulatory filing with the U.S. Securities and Exchange Commission on Friday, “AT&T believes that threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023.” The stolen data is also believed to include records of calls and texts for mobile providers that resell AT&T’s service such as Boost Mobile, Cricket Wireless, H2O, and Straight Talk Wireless.

AT&T has ensured that the initial access point used by attackers has been secured and is continuing to collaborate with law enforcement to address the situation. Affected customers will be notified while the company addresses ways to prevent further unauthorized access in the future. For more information, visit AT&T.