
AT&T Breach Leaked FBI Agents’ Call Logs Potentially Exposing the Identities of Informants

The Federal Bureau of Investigation (FBI) warns that the AT&T breach allowed threat actors to access agents’ call logs, potentially exposing the identities of informants.

The attack occurred between May 1 and October 31, 2022, and in early 2023. It affected the telecommunications company’s Snowflake account, which was compromised alongside hundreds of others. AT&T provides public safety services to various government agencies, including the FBI.

While the attackers did not access the contents of the communications, they obtained call and text metadata information indicating the callers’ phone numbers, when they called, and for how long they stayed on the call.

FBI call logs exposed in AT&T breach could endanger informants

Calling patterns could allow unauthorized individuals to identify FBI informants based on the frequency and length of the calls. It could also expose relationships between defendants and key players in ongoing cases, likely exposing potential or confirmed witnesses.

Investigators also use call logs to identify accomplices based on calling patterns and to establish the timeline of events, which can provide crucial evidence during prosecution.

The FBI is tasked with protecting the identity of its informants; thus, the AT&T breach casts the federal law enforcement agency in a bad light.

AT&T reported in July 2024 that the breach exposed 109 million customer records, including the FBI call logs. However, the records did not include communications made via encrypted apps or other networks.

The call logs also did not include the contents of the calls or texts or other personally identifiable information, such as callers’ names, Social Security Numbers, and dates of birth.

Nonetheless, the AT&T breach exposed the phone numbers of the FBI agents and informants. Some call logs also contained cell site identification numbers, which could expose callers’ locations. Similarly, while the AT&T breach did not expose customers’ names, threat actors could use widely available tools to obtain that information.

Besides physical danger, FBI agents and their informants are at risk of phishing attacks after their contact information was exposed.

While the FBI has not outlined the steps it took to protect the safety of its agents and informants, AT&T says it was working with the agency to mitigate the impact of the data breach.

Measures taken to limit damages

Meanwhile, law enforcement authorities have launched an investigation and apprehended one of the suspects involved in the AT&T breach. AT&T also believes the threat actor has not publicly released the stolen call logs.

According to a Form 8-K filing with the U.S. Securities and Exchange Commission, the telecommunications giant said it activated incident response protocols and hired external cybersecurity experts to assist in investigations.

It also took additional cybersecurity measures, including “closing off the point of unlawful access” and notifying impacted individuals. Explaining why it delayed notifying the victims, AT&T says the U.S. Department of Justice warranted the delay.

The regulatory filing also states that the AT&T breach did not affect the company’s operations and would likely have no material impact on its operations or financial condition.

Besides common criminals, telecommunications companies are targets of cyber attacks by state-sponsored threat actors. As of now, AT&T has not disclosed the threat actor’s identity.