The company said the records do not appear to be publicly available, and that it “has taken additional cybersecurity measures … including closing off the point of unlawful access.”
The hack marks the latest large-scale security incident for AT&T. In late March, the company disclosed that account information from 73 million current and former customers had been leaked to the dark web. A massive cellphone outage in late February disrupted the cellphone services of at least 1.7 million customers, though the company said it was caused by a technical error.
The incidents underscore the massive reach of America’s leading wireless carriers. The total number of connected devices on the AT&T network grew to 127 million at the end of 2023, according to the company’s 2023 annual report. That includes roughly 87 million postpaid wireless subscribers.
The company did not specify a client number for the latest breach, saying only that “nearly all” of its wireless customers, as well as mobile virtual network operators and AT&T landline customers, had been affected.
GET CAUGHT UP
Stories to keep you informed
Names and personal information such as Social Security numbers or credit card numbers were not compromised, but the carrier warned that cellphone numbers can easily be connected to names through online tools.
The breach was discovered in late April and reported to the Department of Justice, which AT&T said has apprehended at least one person. Agency officials did not immediately respond to a request for comment.
“The incident was limited to an AT&T workspace on Snowflake’s cloud platform and did not impact AT&T’s network,” the company said. It said affected consumers would be notified and provided with resources to help protect their information.
“We sincerely regret this incident occurred and remain committed to protecting the information in our care,” the company said.
Snowflake, in a statement from company Chief Information Officer Brad Jones, said it hasn’t seen any evidence suggesting a breach of its platform. The company has provided updates on its blog about a “targeted threat campaign” against some of its customers, although it wasn’t immediately clear whether that campaign is connected to the AT&T incident.
“We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform,” Jones said, adding that this was confirmed by investigations from the cybersecurity companies Mandiant and CrowdStrike.
The company said the hack wouldn’t be material to its operations or negatively impact its financial results.
