AT&T Only Learned of Massive 2022 Data Breach This April; Delayed Revealing It at the Request of U.S. Law Enforcement
Brian Krebs:
In a written statement shared with KrebsOnSecurity, the FBI
confirmed that it asked AT&T to delay notifying affected
customers.
“Shortly after identifying a potential breach to customer data and
before making its materiality decision, AT&T contacted the FBI to
report the incident,” the FBI statement reads. “In assessing the
nature of the breach, all parties discussed a potential delay to
public reporting under Item 1.05(c) of the SEC Rule, due to
potential risks to national security and/or public safety. AT&T,
FBI, and DOJ worked collaboratively through the first and second
delay process, all while sharing key threat intelligence to
bolster FBI investigative equities and to assist AT&T’s incident
response work.”
Techcrunch quoted an AT&T spokesperson saying the customer data
was stolen as a result of a still-unfolding data breach involving
more than 160 customers of the cloud data provider Snowflake.
Mark Burnett is an application security architect, consultant and
author. Burnett said the only real use for the data stolen in the
most recent AT&T breach is to know who is contacting whom and how
many times.
“The most concerning thing to me about this AT&T breach of ALL
customer call and text records is that this isn’t one of their
main databases; it is metadata on who is contacting who,” Burnett
wrote on Mastodon. “Which makes me wonder what would call logs
without timestamps or names have been used for.”
It remains unclear why so many major corporations persist in the
belief that it is somehow acceptable to store so much sensitive
customer data with so few security protections. For example,
Advance Auto Parts said the data exposed included full names,
Social Security numbers, drivers licenses and government issued ID
numbers on 2.3 million people who were former employees or job
applicants.
★
Brian Krebs:
In a written statement shared with KrebsOnSecurity, the FBI
confirmed that it asked AT&T to delay notifying affected
customers.
“Shortly after identifying a potential breach to customer data and
before making its materiality decision, AT&T contacted the FBI to
report the incident,” the FBI statement reads. “In assessing the
nature of the breach, all parties discussed a potential delay to
public reporting under Item 1.05(c) of the SEC Rule, due to
potential risks to national security and/or public safety. AT&T,
FBI, and DOJ worked collaboratively through the first and second
delay process, all while sharing key threat intelligence to
bolster FBI investigative equities and to assist AT&T’s incident
response work.”
Techcrunch quoted an AT&T spokesperson saying the customer data
was stolen as a result of a still-unfolding data breach involving
more than 160 customers of the cloud data provider Snowflake.
Mark Burnett is an application security architect, consultant and
author. Burnett said the only real use for the data stolen in the
most recent AT&T breach is to know who is contacting whom and how
many times.
“The most concerning thing to me about this AT&T breach of ALL
customer call and text records is that this isn’t one of their
main databases; it is metadata on who is contacting who,” Burnett
wrote on Mastodon. “Which makes me wonder what would call logs
without timestamps or names have been used for.”
It remains unclear why so many major corporations persist in the
belief that it is somehow acceptable to store so much sensitive
customer data with so few security protections. For example,
Advance Auto Parts said the data exposed included full names,
Social Security numbers, drivers licenses and government issued ID
numbers on 2.3 million people who were former employees or job
applicants.