{
	"id": "7164a8ad-4366-4cac-add9-26b4b8ba45bd",
	"created_at": "2026-04-06T00:08:25.43172Z",
	"updated_at": "2026-04-10T13:12:43.481995Z",
	"deleted_at": null,
	"sha1_hash": "bd457cb38fd2a9e916477638e4c0a99432a863a0",
	"title": "Massive AT\u0026T data breach exposes call logs of 109 million customers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1458561,
	"plain_text": "Massive AT\u0026T data breach exposes call logs of 109 million customers\r\nBy Bill Toulas\r\nPublished: 2024-07-12 · Archived: 2026-04-05 21:10:26 UTC\r\nAT\u0026T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers,\r\nor nearly all of its mobile customers, from an online database on the company's Snowflake account.\r\nThe company confirmed to BleepingComputer that the data was stolen from the Snowflake account between April 14 and\r\nApril 25, 2024.\r\nIn a Friday morning Form 8-K filling with the SEC, AT\u0026T says that the stolen data contains the call and text records of\r\nnearly all AT\u0026T mobile clients and customers of mobile virtual network operators (MVNOs) made from May 1 to October\r\n31, 2022 and on January 2, 2023.\r\nhttps://www.bleepingcomputer.com/news/security/massive-atandt-data-breach-exposes-call-logs-of-109-million-customers/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/massive-atandt-data-breach-exposes-call-logs-of-109-million-customers/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe stolen data includes:\r\nTelephone numbers of AT\u0026T wireline customers and customers of other carriers.\r\nTelephone numbers with which AT\u0026T or MVNO wireless numbers interacted.\r\nCount of interactions (e.g., the number of calls or texts).\r\nAggregate call duration for a day or month.\r\nFor a subset of records, one or more cell site identification numbers.\r\nThe exposed records did not contain the content of the calls or texts, customer names, or any other personal information\r\nsuch as Social Security numbers or dates of birth.\r\nAlthough the accessed logs do not contain sensitive information that directly exposes customer identities, the\r\ncommunications metadata can be used to correlate them with publicly available information and easily derive identities in\r\nmany cases.\r\nThe company says that after learning of the breach they worked with cybersecurity experts and notified law enforcement.\r\nThe US Department of Justice gave AT\u0026T permision twice, on May 9, 2024 and June 5, 2024, to delay public notification\r\ndue to the potential risks to national security and public safety.\r\n\"Shortly after identifying a potential breach to customer data and before making its materiality decision, AT\u0026T contacted the\r\nFBI to report the incident. In assessing the nature of the breach, all parties discussed a potential delay to public reporting\r\nunder Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety,\" the FBI told\r\nBleepingComputer.\r\n\"AT\u0026T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat\r\nintelligence to bolster FBI investigative equities and to assist AT\u0026T’s incident response work.\"\r\n\"The FBI prioritizes assistance to victims of cyber-attacks, encourages organizations to establish a relationship with their\r\nlocal FBI field office in advance of a cyber incident, and to contact the FBI early in the event of breach.\"\r\nAT\u0026T is working with law enforcement to arrest those involved and states that they understand at least one person has\r\nalready been apprehended.\r\nAT\u0026T said it has implemented additional cybersecurity measures to block unauthorized access attempts in the future, and it\r\npromised to notify current and former customers impacted by this incident soon.\r\nMeanwhile, AT\u0026T customers can follow the links provided on this FAQ page to check if their phone number's data was\r\nexposed and to download the data associated with their number that was stolen.\r\nAs of today, AT\u0026T says it has no evidence the accessed data has been made publicly available and says the incident is not\r\nrelated to the 2021 data breach AT\u0026T confirmed earlier this year impacted 51 million customers.\r\nThe Snowflake data theft attacks\r\nAT\u0026T has confirmed to BleepingComputer that the data was stolen from its Snowflake account as part of a wave of recent\r\ndata theft attacks using compromised credentials.\r\nSnowflake is a cloud-based database provider that allows customers to perform data warehousing and analytics on large\r\nvolumes of data.\r\nLast month, Mandiant revealed that a financially motivated threat actor tracked as 'UNC5537' was behind multiple attacks\r\nagainst Snowflake customers, using account credentials stolen via infostealer malware.\r\nSnowflake has since introduced a mandatory multi-factor authentication (MFA) enforcement option for workspace\r\nadministrators to protect accounts against easy take-overs leading to data breaches impacting millions of people.\r\nhttps://www.bleepingcomputer.com/news/security/massive-atandt-data-breach-exposes-call-logs-of-109-million-customers/\r\nPage 3 of 4\n\nThe list of high-profile victims to which AT\u0026T is being added now includes Advance Auto Parts, Pure Storage, Los Angeles\r\nUnified, Neiman Marcus, Ticketmaster, and Banco Santander.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/massive-atandt-data-breach-exposes-call-logs-of-109-million-customers/\r\nhttps://www.bleepingcomputer.com/news/security/massive-atandt-data-breach-exposes-call-logs-of-109-million-customers/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/massive-atandt-data-breach-exposes-call-logs-of-109-million-customers/"
	],
	"report_names": [
		"massive-atandt-data-breach-exposes-call-logs-of-109-million-customers"
	],
	"threat_actors": [
		{
			"id": "358432a9-d927-43c7-9201-b7aa7d184c26",
			"created_at": "2024-06-20T02:02:10.317536Z",
			"updated_at": "2026-04-10T02:00:05.043265Z",
			"deleted_at": null,
			"main_name": "UNC5537",
			"aliases": [],
			"source_name": "ETDA:UNC5537",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "c3c24777-7c0f-4772-b273-2163ac5a6b67",
			"created_at": "2024-06-19T02:00:04.373472Z",
			"updated_at": "2026-04-10T02:00:03.651748Z",
			"deleted_at": null,
			"main_name": "UNC5537",
			"aliases": [],
			"source_name": "MISPGALAXY:UNC5537",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434105,
	"ts_updated_at": 1775826763,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bd457cb38fd2a9e916477638e4c0a99432a863a0.pdf",
		"text": "https://archive.orkl.eu/bd457cb38fd2a9e916477638e4c0a99432a863a0.txt",
		"img": "https://archive.orkl.eu/bd457cb38fd2a9e916477638e4c0a99432a863a0.jpg"
	}
}