Federal Agencies Likely Victims in Massive AT&T Hacking

Written By Shaw Bransford & Roth P.C.

Call and text records from dozens of federal agencies are believed to among millions stolen in a massive breach of telephone giant AT&T.

AT&T said that a hacker broke into its network in April and stole records of calls and text messages made by more than 100 million customers in a five-month period in 2022 and early 2023.

The hacker stole records showing when a call was made as well as location and data. The stolen information did not include actual phone conversations or actual contents of messages. Nevertheless, the metadata that was swiped can be pieced together to learn key details.

 “It’s a comprehensive view into people’s private worlds,” said John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab. “It’s an absolute goldmine to anybody trying to figure out both people’s secrets and the US government secrets.”

AT&T disclosed the breach in a filing with the Securities and Exchange Commission (SEC). AT&T said the disclosure delay was requested by the Federal Bureau of Investigation (FBI).

AT&T’s Federal Contracts

AT&T is a top supplier of telecom and network services to the federal government.

Agencies that use AT&T for telecom include the Department of Homeland Security (DHS), Department of Justice (DOJ), Department of State, Department of Defense (DOD), Department of Veterans Affairs (VA), and agencies in the intelligence community.

In a statement to NextGov, a Cybersecurity and Infrastructure Security Agency (CISA) spokesperson said, “As always, CISA urges all organizations to enforce stringent security measures, including multifactor authentication. We will continue to monitor and provide guidance or assistance, as needed.” 

AT&T also manages the FirstNet program, a public safety network administered by the Commerce Department. First responders at all levels of government use it.

Ransom Paid

According to Wired, AT&T paid a person connected to alleged hacker John Binns roughly $370,000 in bitcoin back in May to delete the stolen data, and had to show AT&T a video that the data was deleted.

Binns, an American living in Turkey, was reportedly arrested in Turkey in May for his role in an earlier T-Mobile breach.

The Federal Communications Commission (FCC) is among the agencies investigating.

Shaw Bransford & Roth P.C.
Previous

Supreme Court Strikes Executive Branch Power in Trio of Rulings
Next

Snapshot Gives Look at Federal Workforce Numbers, Jobs, Locations