The United States telecommunications giant AT&T, which serves over 114.5 million wireless subscribers, recently experienced a major data breach. Information on 109 million users was illegally downloaded and exposed on a third-party platform.
On July 13, AT&T disclosed on its website that nearly all of its customers’ data had been exposed. According to the company, the stolen data includes records of phone calls and text messages from March to October 2022, and January 2, 2023. The breach also compromised details such as the frequency and duration of calls and texts, as well as the phone numbers that interacted with AT&T customers during those times.
However, AT&T emphasized that the breach did not include personal information such as the content of calls or texts, dates of birth, or Social Security numbers.
According to the company, the investigation into the incident is ongoing in an effort to apprehend the hackers, and at least one person has been arrested. AT&T stated, “We will notify current and former customers if their information was involved.”
On July 12, the U.S. Federal Communications Commission (FCC) announced on the social media platform X (formerly Twitter) that it is conducting an ongoing investigation into the AT&T breach and coordinating with law enforcement partners.
According to Wired, the hacking group ‘ShinyHunters’ that leaked AT&T users’ information stole the data through an unsecured Snowflake cloud storage account. Additionally, AT&T paid 5.7 bitcoins, equivalent to $373,646 (517 million won), to a member of the group to delete the illegally downloaded data and provide a 7-minute video demonstrating the data deletion process.
The AT&T data breach incident is the second of its kind this year. On March 30, the company revealed that information for 7.6 million customers—including names, phone numbers, email addresses, Social Security numbers, AT&T account numbers, and passcodes—had been found on the dark web. Additionally, data for 65.4 million former customers was also identified.
The firm said they have already reset the passcode for the current user base. “The incident has not had a material impact on AT&T’s operations,” AT&T added.
Related article: McDonald’s faces 706 million won in fines over data violation
The US burger giant’s South Korea operation has been fined 706 million won (roughly $551,000) for breaking the nation’s data privacy laws for its treatment of South Korean users’ information.
The South Korean privacy regulator, the Personal Information Protection Commission (PIPC), held its fifth plenary session on Wednesday and decided to fine McDonald’s alongside five other companies over privacy violations. The US burger giant was given the biggest penalty among the six firms.
The PIPC said that McDonald’s had mishandled customers’ data and let attackers gain access to more than 4.8 million South Korean users’ data, which is almost 10 percent of the country’s population. The PIPC did not immediately respond to The Readable’s request for details about the information that has been affected.
The privacy regulator added in the statement that the burger chain failed to notify its customers about the breach and did not adequately inform regulators about the leakage with in the required time. The South Korean privacy law states that companies must notify users and report data exposures to regulators within 24 hours after they have discovered the breach. Moreover, the PIPC discovered that the burger chain had stored 766,846 users’ personal information beyond their retention period. READ MORE
