Senators press AT&T, cloud company for answers on data breach

Sens. Richard Blumenthal (D-Conn.) and Josh Hawley (R-Mo.) pressed AT&T and data cloud company Snowflake for answers this week following a breach that exposed the call and text records of nearly all of AT&T’s customers.

“We write demanding information regarding the breach of AT&T’s private customer data and seek answers about how AT&T failed to protect such profoundly sensitive information from cybercriminals,” the senators wrote in a letter to AT&T CEO John Stankey.

AT&T revealed Friday that the records of most of its cellular customers between May and October 2022, as well as one day in January 2023, were illegally downloaded on a third-party cloud platform.

The data identifies phone numbers that AT&T customers interacted with and, in some cases, cell site ID numbers. However, it does not include the content of calls or texts, time stamps or any identifying information.

“Taken together, the stolen information can easily provide cybercriminals, spies, and stalkers a logbook of the communications and activities of AT&T customers over several months, including where those customers live and traveled — a stunning and dangerous breach of its customers’ privacy and intrusion into their personal lives,” the letter reads.

The senators also wrote to Sridhar Ramaswamy, CEO of Snowflake, noting the AT&T breach is the latest to affect the cloud company’s clients. Ticketmaster, Advance Auto Parts and Santander Bank have all recently suffered breaches related to Snowflake.

Blumenthal and Hawley pointed to several cybersecurity failures at the companies — including malware infections and failures to update passwords, implement firewall access and turn on multifactor authentication — that “seemingly reflect gross negligence.”

“Disturbingly, the AT&T breach appears to have been easily preventable,” they wrote Tuesday.

For the latest news, weather, sports, and streaming video, head to The Hill.