Salt Typhoon Compromised AT&T, Verizon, Lumen Technologies, Accessing US Govt Officials Comms
Published on November 14, 2024
AT&T has consented to a $13 million settlement with the Federal Communications Commission (FCC) following a significant data breach that compromised the personal information of approximately 9 million customers. This breach involved unauthorized access and sale of customer data by third-party vendors employed by AT&T.
While not admitting guilt, the American telecom giant has committed to implementing a series of remedial measures aimed at preventing future incidents.
Under the settlement terms, AT&T is required to tighten oversight of third-party vendors and implement more stringent access controls for handling customer data. Moreover, the telco giant needs to conduct regular security audits to identify and address vulnerabilities within its data management systems.
The breach, which surfaced in January 2023, primarily revolved around Customer Proprietary Network Information (CPNI), which encompasses sensitive details such as phone numbers, names, and certain service-related information.
AT&T's third-party vendors, responsible for managing customer data, mishandled the CPNI of around 9 million customers, accessing it without proper authorization and subsequently selling it to external parties.
This led to an increase in SIM swapping fraud, where unauthorized individuals manipulated network restrictions to resell SIM cards, enabling them to take over customer phone numbers and steal personal information or money.
The FCC launched a comprehensive investigation into the 2023 data breach after receiving multiple reports of suspicious activities from affected customers. These included identity theft and SIM-swapping fraud incidents.
According to the FCC's findings, AT&T's reliance on third-party vendors without implementing strong oversight mechanisms facilitated the misuse of customer data.
This year, AT&T filed an 8-K report with the U.S. Securities and Exchange Commission stating that the company’s account with third-party cloud storage service Snowflake was illegally accessed in April, and that the threat actors managed to exfiltrate the call and message log details of almost all of its wireless customers, including those using mobile virtual network operators (MVNOs).