AT&T Data Breach Escalates Snowflake’s Cybersecurity Crisis

Telecom Giant’s Breach Exposes Massive Customer Data, Adding Pressure on Snowflake Amid Ongoing Fallout

Snowflake is grappling with the repercussions of a significant cyberattack that has compromised sensitive customer data. The crisis deepened as AT&T disclosed that hackers accessed a cloud platform hosting customer data, obtaining records of subscribers’ calls and text messages over six months in 2022. The breach affects nearly all of AT&T’s 242 million U.S. wireless customers and customers of mobile virtual network operators using its network.

Details of the Breach

In a regulatory filing, AT&T revealed that the accessed data includes phone numbers, aggregate call durations, and some cell site details. The telecom giant clarified that the breach did not expose customer names or the content of calls and texts. However, it noted that publicly available tools could potentially link phone numbers to specific individuals.

Snowflake’s Response and Investigation

Snowflake first acknowledged the breach on May 30, after discovering potentially unauthorized access to certain customer accounts a week earlier. The company enlisted cybersecurity firms CrowdStrike and Alphabet’s Mandiant to investigate the incident. Mandiant’s investigation identified 165 “potentially exposed organizations,” attributing the hack to a financially motivated group known as UNC5537, operating in North America and Turkey. The hackers utilized stolen login credentials available online due to previous malware infections.

Wider Impact and Corporate Reactions

Before AT&T’s disclosure, notable companies affected by the Snowflake breach included Advance Auto Parts, LendingTree, Live Nation, and Santander Bank. The breach at AT&T, a significantly larger entity, has escalated the crisis, impacting nearly all of its wireless customers and connected devices.

AT&T said the breach would not materially affect its finances, though the reputational damage is significant. Snowflake, however, warned investors of potential “significant liabilities” and reputational harm due to the breach. The company’s stock fell 1.8% following AT&T’s announcement, contrasting with a 0.6% rise in the Nasdaq.

Security Measures and Future Precautions

In response to the ongoing crisis, Snowflake emphasized the importance of multi-factor authentication (MFA) and published a blog post outlining steps administrators can take to enforce MFA usage. Mandiant highlighted that the lack of MFA allowed hackers to use stolen credentials to access Snowflake environments and export substantial customer data. The hackers have since attempted to extort victims and sell the stolen data online.

Leadership and Market Impact

The deepening breach saga poses a significant challenge for Snowflake’s CEO, Sridhar Ramaswamy, who took over from Frank Slootman in February. The company has faced declining stock value and reduced its full-year adjusted operating income forecast days before disclosing the hack. Snowflake, which went public in 2020, saw its market cap drop from over $70 billion at its IPO to about $45 billion, with shares closing at $134.73 on Friday.

As Snowflake continues to address the fallout from the breach, the importance of robust cybersecurity measures and vigilant data protection practices becomes increasingly evident. The company must navigate the crisis to regain customer trust and stabilize its market position.