FILE PHOTO: The AT&T logo is seen in a store window, as airports around the country are awaiting for Verizon and AT&T to rollout their 5G technology, in the Manhattan borough of New York City, New York, U.S., January 19, 2022. REUTERS/Brendan McDermid/File Photo
WASHINGTON (Reuters) -Two U.S. senators on Tuesday asked AT&T to answer questions about a massive hacking incident in April that resulted in the illegal downloading of about 109 million customer accounts at the U.S. wireless company.
Senator Richard Blumenthal, a Democrat who chairs a subcommittee on investigations and Republican Josh Hawley, sought details after AT&T disclosed on Friday its call logs were copied from its workspace on a Snowflake cloud platform covering about six months of customer call and text data from 2022 from nearly all its customers.
"The stolen information can easily provide cybercriminals, spies, and stalkers a logbook of the communications and activities of AT&T customers over several months, including where those customers live and traveled — a stunning and dangerous breach of its customers’ privacy and intrusion into their personal lives," the letter to AT&T CEO John Stankey said, asking if the wireless company will compensate consumers.
AT&T said it would respond directly to the senators.
"There is no reason to believe that AT&T’s sensitive data will not also be auctioned and fall into the hands of criminals and foreign intelligence agencies," the senators added.
Snowflake did not immediately respond to a request for comment.
In a separate letter to Snowflake, the senators raised concerns about other recent data breaches of Snowflake clients.
"The recent AT&T disclosure — three months after the breach and following other announced breaches — raises concerns that we still do not know the full scope or impact of the campaign targeting Snowflake customers," the senators wrote.
The FBI is investigating. AT&T said at least one person has been arrested. AT&T's breach is the latest big hack to hit a wide swath of Americans, coming on the heels of a ransomware attack on UnitedHealth Group's Change Healthcare unit in February that hit an estimated one-third of the country whose private data may have been exposed.
The Federal Communications Commission said it also has an ongoing investigation.
In March, AT&T said it was investigating a data set released on the "dark web" and said its preliminary analysis showed it affected approximately 7.6 million current account holders and 65.4 million former account holders. The company said the data set appeared to be from 2019 or earlier.
(Reporting by David Shepardson; Editing by Stephen Coates)
