In a déjà-vu nightmare, US phone giant AT&T has notified customers that cybercriminals managed to download phone call and text message records of “nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023”.
In a filing with the Securities and Exchange Commission (SEC), AT&T said:
“On April 19, 2024, AT&T Inc. (“AT&T”) learned that a threat actor claimed to have unlawfully accessed and copied AT&T call logs.”
AT&T says the customer data was illegally downloaded from its workspace on a third-party cloud platform. This might be related to the Snowflake incidents we have seen several of by now.
In the statement, AT&T specifies which data it believes was stolen:
“The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months.”
And which data is unlikely to be included:
“The downloaded data doesn’t include the content of any calls or texts. […]
When you read about the eroding trust of the American public in large institutions think of this. Again and again large corporations protect their managerial class at the expense of the working class, the users of the service. Profits over people again and again with no one held to account.