Senators investigating AT&T hack that affected nearly every customer

Two senators are leading a bipartisan probe into the hack of telecommunications giant AT&T that exposed text message and phone call records of nearly all customers.

According to AT&T, hackers stole phone and text message records of almost every customer from May 1, 2022, to Oct. 31, 2022, and from Jan. 2, 2023. The company has said the records do not include the messages’ and calls’ content.

Sen. Richard Blumenthal, Connecticut Democrat, and Sen. Josh Hawley, Missouri Republican, demanded information on Tuesday from AT&T about the breach that the lawmakers said “appears to have been easily preventable.”

The hackers are suspected of stealing AT&T customers’ data through the cloud computing platform Snowflake. While the stolen AT&T records do not include names and addresses, the senators fear it is easy to pair a phone number with a name and noted the stolen data included location information. 

“Taken together, the stolen information can easily provide cybercriminals, spies, and stalkers a logbook of the communications and activities of AT&T customers over several months, including where those customers live and traveled — a stunning and dangerous breach of its customers’ privacy and intrusion into their personal lives,” the senators wrote to AT&T. 

The senators said all AT&T customers should be deeply concerned about the hack. 

“While AT&T stated that it ‘do[es] not believe the data is publicly available,’ the group behind the breach, ShinyHunters, has already leaked records of Ticketmaster customers, demanded ransoms, and offered for public sale large sets of data stolen from Snowflake customers,” the senators wrote. 

AT&T said in a statement on its website that it is working with law enforcement and believes “at least one person has been apprehended” in connection with the data theft. 

“Protecting your data is one of our top priorities,” the statement on AT&T’s website said. “We have confirmed the affected access point has been secured. We hold ourselves to a high standard and commit to delivering the experience that you deserve.”

Mr. Blumenthal and Mr. Hawley demanded AT&T and Snowflake provide them information on the hack by July 29, including details on what the companies know about how the hack occurred and how their customers will learn if they were affected. The bipartisan duo also asked AT&T to explain when it notified law enforcement about the breach, given negative ramifications for national security.