• AT&T : Unlawful access of customer data

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » AT&T : Unlawful access of customer data

    Author
    Topic
    Alex5723
    AskWoody Plus
    July 12, 2024 at 11:21 am #2687238

    https://www.att.com/support/article/my-account/000102979

    What happened
    We learned that AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform. We started an investigation and engaged leading cybersecurity experts to help us determine the nature and scope of the issue. We have confirmed the access point has been secured.

    Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023.

    The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months.

    We’ll notify current and former customers if their information was involved…

    1 user thanked author for this post.
    Mr. Austin
    Reply | Quote
    Viewing 8 reply threads
    Author
    Replies
    • Susan Bradley
      Manager
      July 12, 2024 at 12:06 pm #2687253

      Why keep two year old data on some third party cloud somewhere?

      Susan Bradley Patch Lady/Prudent patcher

      Reply | Quote
      • Mr. Austin
        AskWoody Plus
        July 12, 2024 at 12:08 pm #2687255

        @SusanBradley A very germane question. Which they will resist answering.

        Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

        Reply | Quote
    • Mr. Austin
      AskWoody Plus
      July 12, 2024 at 12:06 pm #2687254

      This also showed up in one of my social media feeds. No mobile provider is ever to be trusted. Not even one of them. And DOJ and FBI ruined their trusts decades ago. I use secured communications for my most sensitive stuff. I tend to avoid phones if I want something to be away from the more common network sniffers.

      Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

      Reply | Quote
    • Alex5723
      AskWoody Plus
      July 12, 2024 at 12:20 pm #2687260
      Susan Bradley wrote:

      Why keep two year old data on some third party cloud somewhere?

      Where should they keep the data if not on cloud providers (AWS, Microsoft Azur, Google..) ?

      1 user thanked author for this post.
      Mr. Austin
      Reply | Quote
      • Susan Bradley
        Manager
        July 12, 2024 at 2:17 pm #2687292

        No, why is there a need for two year old data?  Someone is having to pay for storage.

        Susan Bradley Patch Lady/Prudent patcher

        Reply | Quote
    • Mr. Austin
      AskWoody Plus
      July 12, 2024 at 12:46 pm #2687271

      I downloaded the AT&T records of a good friend whose phone number was compromised in the theft. AT&T’s retrieval process was ‘secured’ by needing password and user name access.

      From what I’ve seen AT&T and all concerned are being truly disingenuous at best. And they don’t look like they know what they’re doing based on the wording of the screenshot.

      And they included columns for cell tower location and ID in which they omitted all data. So I wonder, did they omit the data because AT&T didn’t want to provide it, or because those data are claimed to not be part of the theft?

      Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

      Reply | Quote
    • Alex5723
      AskWoody Plus
      July 12, 2024 at 11:55 pm #2687379
      Susan Bradley wrote:

      why is there a need for two year old data?

      Maybe for customers (FBI) inquiries ?

      * Your bank holds your transactions… data forever.

      Reply | Quote
    • Alex5723
      AskWoody Plus
      July 15, 2024 at 10:04 am #2687930

      AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records

      US telecom giant AT&T, which disclosed Friday that hackers had stolen the call records for tens of millions of its customers, paid a member of the hacking team more than $300,000 to delete the data and provide a video demonstrating proof of deletion…

      * Isn’t it unlawful by US laws to pay ransom to hackers?

      Reply | Quote
      • Mr. Austin
        AskWoody Plus
        July 18, 2024 at 12:13 pm #2688673

        Perfect. NOT!! Let your customers’ data be stolen, and then pay a ransom! Compounding the thoughtless ignorance?

        Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

        Reply | Quote
    • n0ads
      AskWoody Lounger
      July 15, 2024 at 10:21 am #2687931

      While using a ransom payment for anything is illegal in the US, it’s not illegal to pay a ransom.

      However, US/local governments, cybersecurity experts and law enforcement agencies all strongly discouraged doing so as it just encourages future such attacks.

      The US Department of the Treasury has also issued an advisory warning companies they could face possible legal trouble as such payments “may” violate Office of Foreign Assets Control regulations.

      2 users thanked author for this post.
      Mr. Austin, Alex5723
      Reply | Quote
    • Myst
      AskWoody Plus
      July 15, 2024 at 3:38 pm #2688015

      Here is a better account in detail of the hack and ransom concerning stolen records of ATT customers. Better to get the info from a reliable source. And this link at 9To5Mac seems to include all the details of an accurate and thorough account, to date. Current as of July 15.
      https://9to5mac.com/2024/07/15/att-hack-ransom-fbi/

      MacOS iPadOS and sometimes SOS

      4 users thanked author for this post.
      Lars220, Mr. Austin, SueW, TechTango
      Reply | Quote
    • Mr. Austin
      AskWoody Plus
      July 18, 2024 at 12:16 pm #2688674

      OK, people (bots please look away 😉). Here’s AT&T’s notice to a friend about their account dated today.

      The usual disingenuous statement for the record. And when AT&T writes that no really important data were stolen, why should anyone trust that if the theft occurred in the first place? *I* sure wouldn’t.

      Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

      2 users thanked author for this post.
      Lars220, Alex5723
      Reply | Quote
    Viewing 8 reply threads
    Reply To: AT&T : Unlawful access of customer data

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    June 2025
    S M T W T F S
    1234567
    891011121314
    15161718192021
    22232425262728
    2930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.