In Short:
Two U.S. senators have asked AT&T to explain a massive hacking incident in April where 109 million customer accounts were illegally downloaded. The stolen data includes call logs and text messages from nearly all customers, raising concerns about privacy and security risks. AT&T has promised to respond to the senators’ inquiries, while the FBI is investigating the breach.
By David Shepardson
Senators Question AT&T Over Massive Hacking Incident
WASHINGTON: Two U.S. senators have requested answers from AT&T regarding a significant hacking incident that occurred in April. The breach resulted in the unauthorized downloading of approximately 109 million customer accounts at the U.S. wireless company.
Senator Richard Blumenthal, a Democrat who chairs a subcommittee on investigations, and Republican Josh Hawley, are seeking details following the disclosure by AT&T that its call logs were copied from its workspace on a Snowflake cloud platform, covering about six months of customer call and text data from 2022.
“The stolen information could provide cybercriminals, spies, and stalkers with a logbook of the communications and activities of AT&T customers over several months, including personal details such as their locations and travel histories,” stated the letter addressed to AT&T CEO John Stankey, which also inquired about potential compensation for affected consumers.
AT&T has committed to responding directly to the senators regarding their concerns. The senators also expressed apprehension that the sensitive data stolen from AT&T could be sold to criminals or foreign intelligence agencies.
A separate letter addressing concerns about recent data breaches of Snowflake clients was also sent by the senators to Snowflake. The FBI is currently investigating the matter, with at least one arrest made in relation to the breach.
The breach at AT&T is the latest in a series of cyberattacks affecting a large number of Americans. It follows a ransomware attack on UnitedHealth Group’s Change Healthcare unit in February, impacting an estimated one-third of the population and potentially exposing private data.
The Federal Communications Commission has initiated its own investigation into the incident. In March, AT&T reported investigating a data set released on the “dark web,” affecting approximately 7.6 million current account holders and 65.4 million former account holders. The company believes the data set originates from 2019 or earlier.
