
Massive Snowflake-linked attack exposes data on nearly 110M AT&T customers – Cybersecurity Dive


Attackers breached AT&T’s Snowflake environment for 11 days in April, and stole customers’ call and text message records spanning a six-month period from 2022.
AT&T is one of at least 100 companies impacted by a wave of attacks targeting Snowflake customer environments. AT&T spokesperson Andrea Huguely told Cybersecurity Dive the customer data was stolen from the carrier’s Snowflake database.
The attacks targeting Snowflake customers were not caused by a vulnerability, misconfiguration or breach of Snowflake’s systems, Mandiant said last month in a threat intelligence report.
Stolen credentials obtained from multiple infostealer malware infections on non-Snowflake owned systems were the point of entry for the attacks, Mandiant said. Impacted customer accounts were not configured with multifactor authentication.
AT&T said it became aware of the attack and theft of AT&T call logs on April 19, and immediately activated its incident response process with the aid of third-party cybersecurity experts.
Attackers accessed AT&T’s Snowflake environment between April 14 and April 25, the wireless network provider said.
“AT&T has taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access,” the company said in the SEC filing. “AT&T will provide notice to its current and former impacted customers.”
The telecom giant delayed filing a cybersecurity incident disclosure with the SEC after the FBI and Justice Department granted delays on May 9 and June 5 due to potential risks to national security and public safety, according to the SEC filing. The FBI fields and investigates disclosure delay requests before referring decisions to the DOJ.
“AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work,” a spokesperson for the FBI said via email.
AT&T said it’s working with law enforcement in an ongoing investigation. “Based on information available to AT&T, it understands that at least one person has been apprehended,” the company said in the SEC filing. “As of the date of the filing, AT&T does not believe that the data is publicly available.”


This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff.
