Senators left and right want to know why AT&T "retained months of detailed records of customer communication"
Remember that wee issue with AT&T from last week? Yeah, the significant hacking operation that stole customer records from users on its network!
The breach exposed phone records of over 100 million customers, but it did not include customer names, call or text contents, or sensitive information such as Social Security numbers.
Despite this, the incident remains highly concerning. It's relatively easy to trace phone numbers back to individuals, potentially revealing private connections. Additionally, a portion of the records could be used to determine an individual's location.
This latest customer data breach involves a third-party cloud service provider called Snowflake, whose servers were compromised, exposing calls and phone numbers. Snowflake was used by AT&T to store the telco's data.
Now, US senators are demanding answers from AT&T regarding why it stores vast amounts of call and text message records on Snowflake, which is known as an "AI Data Cloud".
Senators Richard Blumenthal (D-Conn.) and Josh Hawley (R-Mo.) sent letters to AT&T and Snowflake, seeking clarification. They questioned AT&T's CEO, John Stankey and among other questions, they asked:
AT&T hasn't detailed how it uses Snowflake, but Snowflake's website describes its platform as a tool for businesses to collaborate and share data effectively. According to Snowflake, its service helps telecom companies like AT&T improve customer experiences, increase operational efficiency, and create new revenue streams by using data more effectively.
Andy Markus, AT&T's Chief Data Officer, was quoted in the case study, saying that Snowflake has enabled AT&T to harness and integrate data to generate insights, which in turn improves customer experience and operational efficiency. The move to Snowflake allowed AT&T to move away from complex on-premises systems, like Hadoop, which were slowing down business processes.
In response to the senators' questions, AT&T stated that it uses trusted cloud services like Snowflake to handle large amounts of data. These platforms enable centralized data analysis, which is crucial for network planning, capacity utilization, and developing new services. AT&T added that its data retention periods depend on the type of information, business needs, and legal obligations, including litigation and government orders.
When asked about how long it retains data, AT&T did not provide specifics but emphasized that its retention periods vary based on several factors, including business operations and legal requirements.
The breach appears to have been preventable. According to cybersecurity firm Mandiant, the hackers obtained passwords from malware infections, often associated with pirated software. The hacked accounts had outdated passwords, lacked firewall access, and did not use multifactor authentication – basic security measures that were neglected.
The senators demanded that AT&T explain how the hackers accessed the Snowflake workspace and provide a full account of the stolen data and its impact on customer privacy. They asked for responses by July 29.
AT&T has since closed the access point used by the hackers and is notifying affected customers. The FBI and the FCC (Federal Communications Commission) are investigating the breach.
The breach exposed phone records of over 100 million customers, but it did not include customer names, call or text contents, or sensitive information such as Social Security numbers.
This latest customer data breach involves a third-party cloud service provider called Snowflake, whose servers were compromised, exposing calls and phone numbers. Snowflake was used by AT&T to store the telco's data.
Senators Richard Blumenthal (D-Conn.) and Josh Hawley (R-Mo.) sent letters to AT&T and Snowflake, seeking clarification. They questioned AT&T's CEO, John Stankey and among other questions, they asked:
Why had AT&T retained months of detailed records of customer communication for an extended amount of time and why had AT&T uploaded that sensitive information onto a third party analytics platform? What is AT&T policy, including timelines, concerning retaining and using such information?
AT&T hasn't detailed how it uses Snowflake, but Snowflake's website describes its platform as a tool for businesses to collaborate and share data effectively. According to Snowflake, its service helps telecom companies like AT&T improve customer experiences, increase operational efficiency, and create new revenue streams by using data more effectively.
In response to the senators' questions, AT&T stated that it uses trusted cloud services like Snowflake to handle large amounts of data. These platforms enable centralized data analysis, which is crucial for network planning, capacity utilization, and developing new services. AT&T added that its data retention periods depend on the type of information, business needs, and legal obligations, including litigation and government orders.
When asked about how long it retains data, AT&T did not provide specifics but emphasized that its retention periods vary based on several factors, including business operations and legal requirements.
The breach appears to have been preventable. According to cybersecurity firm Mandiant, the hackers obtained passwords from malware infections, often associated with pirated software. The hacked accounts had outdated passwords, lacked firewall access, and did not use multifactor authentication – basic security measures that were neglected.
AT&T has since closed the access point used by the hackers and is notifying affected customers. The FBI and the FCC (Federal Communications Commission) are investigating the breach.
![iPhone users on AT&T left without service after massive outage [UPDATED]](https://m-cdn.phonearena.com/images/article/161893-wide-two_350/iPhone-users-on-AT-T-left-without-service-after-massive-outage-UPDATED.jpg)
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: