
AT&T reveals an arrest has been made related to the April 14th hack of 109 million landline and mobile customers in an updated post to customers on its website Wednesday.
“We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended,” the AT&T post said.
A spokesperson for AT&T reiterated its previous statement and referred Cybernews to the FBI when we contacted them for further clarification. “At this time, we cannot provide any further comment and recommend you contact the FBI,” AT&T said.
Although the FBI did not provide any information regarding the reported arrest, the FBI did send a statement to Cybernews late Wednesday detailing steps taken by law enforcement after it was “contacted by AT&T to report the incident.”
“In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety,” the FBI said. This explains why the breach disclosure was filed outside the four-day notification window required by the SEC.
AT&T had stated in its SEC filing that the US Justice Department (DoJ) had determined “a delay in providing public disclosure was warranted” on two separate occasions (May 9th, June 5th), but it's not clear if those delays were related to any arrests made in the case.
The FBI further stated that “AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”
The same arrest news was also shared in an email sent directly by the US telecommunications giant to affected customers, first reported on X by malware repository vx-underground, also on Wednesday.
“We found out AT&T call and text records were accessed by cyber-criminals who have claimed responsibility for unlawful access to other companies in the past. At least one individual has since been arrested,” the AT&T email stated in a ‘What’s Happening?’ section.
“Today it was reported by AT&T (via email to customers) that an individual involved in the recent AT&T data breach has been arrested.” vx-underground (@vxunderground), July 17, 2024
AT&T suffers multiple leaks
The company filed its 8-K breach notification with the US Securities and Exchange Commission (SEC) announcing the AT&T breach on July 12th, reporting it had first become aware of the intrusion in May.
Days later, reports surfaced that the telecom had paid the infamous hacker gang ShinyHunters a $370,000 ransom demand in May to delete the stolen data via an intermediary affiliate of the group.
Again, it's unknown if ShinyHunters or an affiliate is actually responsible for the AT&T breach or if any arrests came out of the exchange.
It’s also not the first time ShinyHunters has been blamed for going after AT&T. The gang infamously leaked a stolen 72M+ AT&T dataset on a hacker forum back in April 2022.
Although ShinyHunters apparently failed to get its 200K asking price for the stolen cache, that same dataset has resurfaced multiple times on various forums since, finally prompting AT&T to acknowledge the legitimacy of the data this past spring.
Meanwhile, the Dallas-headquartered company said its preliminary investigation of the April hack revealed the attackers spent nearly two weeks inside AT&T networks, exfiltrating the records of 'nearly all' 109 million AT&T customers.

Those records are said to show customer call and text interactions taking place between approximately May and October 2022, as well as on January 2nd, 2023.
“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” AT&T said.
AT&T tells customers to "remain cautious"
Shawn Waldman, CEO and Founder of cybersecurity consulting firm Secure Cyber Defense, said the breach, which turned out to be connected to the recent hack of cloud provider Snowflake, also attributed to ShinyHunters, “underscores the importance of securing third-party services.”
“The potential exposure of cell tower data is particularly alarming, as it could allow threat actors to pinpoint locations based on phone numbers, raising significant physical security concerns,” Waldman explained.
“While breaches involving personal information are not new, the ability to correlate data to specific locations introduces a new level of risk that must be addressed,” Waldman said.
In the breach update, AT&T provides tips for customers to follow to help protect against various phishing and smishing attacks, as well as other online fraud.
The company recommends its customers remain cautious of any phone calls or text requests asking for personal, account, or credit card details, and to:
- Only open text messages from people that you know and trust.
- Never reply to a text from an unknown sender with personal details.
- Do not click on links included in a text message. Always go directly to a company’s website.
- Always look for the “s” after the http in the web URL address to ensure the site is secure. Or look for a lock at the bottom of a webpage.
AT&T pointed out that scammers can build fake websites using forged company logos, signatures, and styles, and that when in doubt customers should forward any suspicious text directly to the company.
The company also details the methods of direct contact customers should expect to get from AT&T if their data was part of the breach, which is broken down by AT&T Wireless, Pre-paid, FirstNet, and Business accounts, and how to notify AT&T if fraud is suspected.
Customers can also request to get a copy of the phone numbers exposed in the hack, among other pertinent information.