Senators press AT&T on why it stores call records on a third-party 'AI data cloud'

U.S. lawmakers grilled AT&T in letters after its massive breach. A pair of high-profile senators questioned the telecom giant's data practices.

U.S. senators are starkly questioning AT&T's data storage practices after a serious data breach.

Sens. Richard Blumenthal (D-Conn.) and Josh Hawley (R-Mo.) — the chair and ranking member of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law — wrote letters questioning the telecom giant and its practice of storing call and text records with a third-party platform called Snowflake.

The lawmakers demanded more info regarding the hack in which the company said "nearly all" text and phone records were stolen in mid-to-late 2022. The letters demanded answers from the CEOs of both AT&T and Snowflake.

AT&T's security practices face scrutiny

"Why had AT&T retained months of detailed records of customer communication for an extended amount of time and why had AT&T uploaded that sensitive information onto a third party analytics platform?" the senators asked. "What is AT&T policy, including timelines, concerning retaining and using such information?"

Blumenthal and Hawley also pressed the fact other Snowflake clients — such as Ticketmaster, Advance Auto Parts, and Santander Bank — have announced breaches of information hosted by the company. The lawmakers suggested the AT&T breach was a result of basic cybersecurity failures, centering on malware infections and passwords that had gone unchanged for years.

"Disturbingly, the AT&T breach appears to have been easily preventable," the senators wrote.

Not long after the news of the breach broke, it was reported that AT&T had actually paid a hacker roughly $370,000 to delete the stolen information — though that does not actually guarantee the data is actually fully gone.