AT&T has revealed that the call and text logs of approximately 109 million customers were exposed in a data breach. The breach, which occurred between April 14 and April 25, 2024, involved unauthorized access to data stored on a third-party cloud platform operated by Snowflake.

The compromised data includes records of calls and texts from May 1 to October 31, 2022, and a small subset from January 2, 2023. While the content of the calls and messages was not accessed, the exposed data includes phone numbers, the numbers those customers called or texted, the total count of calls and texts, and call durations. Additionally, for some customers, cell site identification numbers were included, which could potentially reveal approximate locations during communications.

AT&T confirmed the breach in a filing with the Securities and Exchange Commission (SEC), explaining that threat actors had unlawfully accessed an AT&T workspace on a third-party cloud platform (Snowflake). The company emphasized that sensitive personal information, such as Social Security numbers, dates of birth, and customer names, was not exposed. However, it acknowledged that publicly available tools can often link phone numbers to specific individuals.

The breach affects not only AT&T cellular customers but also those of other wireless providers using AT&T’s network and AT&T landline customers who communicated with affected cell numbers. AT&T’s 2023 annual report lists 127 million devices connected to its wireless network.

Following the discovery of the breach, AT&T took immediate steps to secure the access point. The company has been collaborating with the FBI and the Department of Justice in response to the incident. AT&T reported that at least one individual involved in the breach has been apprehended.

To address the potential risks, AT&T will be notifying current and former customers whose data was compromised and is providing resources to help them protect their information. The company has assured customers via a notice on its website that it does not believe the stolen data has been made publicly available.

AT&T is the latest company to suffer from the Snowflake attack, with previous victims including Santander and Ticketmaster. The breach has been attributed to a cybercriminal group known only by the identifier UNC5537, as identified by Mandiant.