(Bloomberg) — AT&T Inc. said thieves made off with a half-year’s worth of calling and text data from virtually its entire wireless user base, the widest-ranging breach yet in a campaign that’s ensnared as many as 165 customers of software seller Snowflake Inc.
Most Read from Bloomberg
Snowflake said in June that hackers had launched a “targeted” effort against its clients, and has blamed its customers for failing to take adequate steps to protect their data. But the data analysis software company is suffering “reputational damage” from the hack, wrote Frank G. Louthan, an analyst at Raymond James.
A Snowflake spokesperson confirmed on Friday that the AT&T incident was connected to the hack that’s affected other customers, including Live Nation Inc.’s Ticketmaster and LendingTree.
The hacking group allegedly responsible has suspected members in North America and Turkey, according to the cyber firm Mandiant, a unit of Alphabet Inc.’s Google Cloud.
The sequence of Snowflake-connected intrusions appears worse than initially feared and is likely to cause some business slowdown in the near-term, wrote Mandeep Singh, an analyst at Bloomberg Intelligence.
The hack is likely to be less severe to Snowflake’s standing than breaches at firms like Okta Inc. and SolarWinds Corp. since Snowflake’s core function isn’t security-oriented software, said Gil Luria, an analyst at DA Davidson & Co.
While other Snowflake clients lost information like customers email addresses, experts said the compromised AT&T call and text data as well as location information about some customers presents national security risks. The data may reveal key details about people who conduct sensitive communications like politicians, executives, activists and journalists.
Customers use Snowflake to store and analyze large pools of information such as a telecommunications company figuring out when it receives its heaviest call volume.
For more: FCC Says It’s Investigating Massive Breach of AT&T Customer Data
Hackers have tried to extort Snowflake customers for as much as $5 million each, though thus far have made less than $1 million in total payments from no more than five companies, according to two people familiar with the matter.
Snowflake said their own systems weren’t breached outside of one employee’s demo account. The company has since introduced new tools for customer cybersecurity monitoring and said it plans to enable multifactor authentication by default for all customers.
Matthew Hedberg, an analyst at RBC Capital Markets, wrote these are “positive steps” in maintaining customer trust. He added that he spoke with company management who told him they have a “great relationship” with AT&T.
Other recent victims of the Snowflake hacking campaign have included the luxury retailer Neiman Marcus. The company said in a statement that it had notified approximately 64,000 people that their personal information had been stolen after an unauthorized party gained access to a Snowflake platform.
A Snowflake spokesperson confirmed Friday that the company hasn’t seen any unauthorized access of customer accounts since early June, when it said it was closing its investigation into the hacks.
Most Read from Bloomberg Businessweek
©2024 Bloomberg L.P.
Source Agencies