When confirming particulars of an enormous knowledge breach of about 110 million prospects, AT&T on Friday additionally revealed that it turned apparently the primary enterprise to be given permission to initially maintain breach particulars secret, after which was cleared to publish.
The incident itself — which AT&T stated stemmed from a sequence of Snowflake assaults — revealed name knowledge, however not the particulars of these calls. AT&T stated that though the data stolen doesn’t reveal buyer names, it identified that “there are sometimes methods, utilizing publicly accessible on-line instruments, to search out the title related to a particular phone quantity.”
AT&T spokesperson Jim Kimberly stated in a telephone interview with CSOonline that the stolen knowledge, which was on a third-party workspace and spans the intervals between roughly Might 1 and October 31, 2022, in addition to January 2, 2023, shouldn’t be almost on the element stage that, for instance, prospects are used to seeing of their AT&T telephone invoice. “Image what’s in your telephone invoice. (What was stolen) shouldn’t be almost that detailed,” Kimberly stated. “It’s extra like ‘this telephone quantity contacted this telephone quantity and have been linked for this many minutes’.”
