U.S. senators are starkly questioning AT&T's data storage practices after a serious data breach.
Sens. Richard Blumenthal (D-Conn.) and Josh Hawley (R-Mo.) — the chair and ranking member of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law — wrote letters questioning the telecom giant and its practice of storing call and text records with a third-party platform called Snowflake.
The lawmakers demanded more info regarding the hack in which the company said "nearly all" text and phone records were stolen in mid-to-late 2022. The letters demanded answers from the CEOs of both AT&T and Snowflake.
AT&T's security practices face scrutiny
"Why had AT&T retained months of detailed records of customer communication for an extended amount of time and why had AT&T uploaded that sensitive information onto a third party analytics platform?" the senators asked. "What is AT&T policy, including timelines, concerning retaining and using such information?"
Blumenthal and Hawley also pressed the fact other Snowflake clients — such as Ticketmaster, Advance Auto Parts, and Santander Bank — have announced breaches of information hosted by the company. The lawmakers suggested the AT&T breach was a result of basic cybersecurity failures, centering on malware infections and passwords that had gone unchanged for years.
"Disturbingly, the AT&T breach appears to have been easily preventable," the senators wrote.
Related Stories
- T-Mobile, AT&T, and Verizon were all tested for speed. Which one won?
- AT&T reportedly paid hacker $370,000 to delete stolen customer data
- Hackers cause EA to postpone Apex Legends pro gamer tournament
- Can hackers get into your Google account without a password?
- AT&T resets millions of passcodes after data leak
Not long after the news of the breach broke, it was reported that AT&T had actually paid a hacker roughly $370,000 to delete the stolen information — though that does not actually guarantee the data is actually fully gone.