In April 2024, as reported by Hackread.com, AT&T experienced a major data breach when hackers accessed its Snowflake cloud environment, compromising the call and text metadata of nearly 110 million customers.

The breach lasted from May 2022 to October 2022 and included some records from January 2023, exposed phone numbers, interaction counts, and call durations, though not the content of communications or personally identifiable information.

The cyberattack was part of a large-scale campaign targeting over 160 Snowflake customers. Hackers exploited stolen credentials lacking multi-factor authentication to infiltrate these environments.

AT&T’s compromised data was stolen by a hacker associated with the ShinyHunters group. Reports indicate that AT&T paid a ransom of approximately $370,000 in Bitcoin to have the stolen data deleted, a transaction facilitated through an intermediary known as Reddington.