In confirming details of a massive data breach of about 110 million customers, AT&T on Friday also revealed that it was the first company to be given permission to initially keep details of the breach private, then to publish them.
The incident itself — which AT&T said stemmed from a series of Snowflake attacks — exposed call data, but not the details of those calls. AT&T said that while the stolen information did not reveal the names of customers, it pointed out that “there are often ways, using publicly available online tools, to find a name associated with a particular phone number.”
AT&T spokesman Jim Kimberly said in a phone interview with CSOonline that the stolen data, which was on a third-party site and covered the periods between May 1 and October 31, 2022, and January 2, 2023, is almost complete. level of detail, for example, that customers are used to seeing on their AT&T phone bill. “Imagine what is on your phone bill. (What was stolen) is not that clear yet,” said Kimberly. “It’s like ‘this phone number contacted this phone number and was connected for so many minutes’.”
Source link