A breach by US telco AT&T has been linked to the records that were stolen from Snowflake earlier this summer.

News emerged on Friday of the AT&T breach, after the company disclosed in a filing with the Securities and Exchange Commission that it was the victim of a massive breach that affected tens of millions of its cellular customers.

According to SC US, the incident was caused by an illegal download from a third-party cloud platform, affecting nearly all of its cellular customers, and users of mobile virtual network operators using AT&T's network and landline customers who interacted with those numbers between May 1st and October 31st, 2022.

Incident Investigation

Upon discovering the breach on April 19th, AT&T initiated an investigation and took measures to block the illegal access point. The company emphasised that this incident is unrelated to a previous breach earlier in the spring.

AT&T assured customers that the breached data does not include the content of calls or texts, or personal information such as Social Security numbers or dates of birth.

AT&T also stated that it currently believes the data is not publicly available. 

Snowflake Impact?

According to Tech Crunch, the customer records were stolen from Snowflake during the recent flurry of incidents that the cloud data company experienced, and AT&T confirmed to SC US that the data breach occurred outside of its network, and via Snowflake.

While it would not discuss specific customers, Snowflake said: "We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform."

Deeply Concerning

Javvad Malik, lead security awareness advocate at KnowBe4, added, "It is deeply concerning that an organisation of AT&T's stature and resources failed to detect such a massive breach for an extended period. The fact that the breach continued into early 2023 and affected not only AT&T's direct customers but also those from other carriers using AT&T's network, underscores the far-reaching consequences of such incidents. 

“The long-term impact of this breach cannot be overstated. The exposed data could be exploited for sophisticated phishing attempts, identity theft, and other nefarious activities for years to come. It is a stark reminder that the repercussions of a data breach extend far beyond the initial incident and can have lasting consequences for the affected individuals.

"As the full extent of the breach continues to unfold, it serves as a wake-up call for both organisations and individuals. Organisations must prioritise cybersecurity and implement stringent measures to detect and prevent such incidents. Consumers, on the other hand, must become increasingly vigilant about their digital footprint and take steps to protect their personal information.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.