AT&T's massive data breach deepens crisis for Snowflake seven weeks after hack was disclosed

Snowflake has spent the past seven weeks dealing with the fallout of a major cyberattack that compromised sensitive customer data at several of its clients. The software company's problems just got a whole lot worse.

Telecommunications giant AT&T said in a regulatory filing on Friday that hackers tapped into a cloud platform housing customer data, gaining access to records of subscribers' calls and text messages during a six-month period in 2022. The data includes phone numbers, aggregate call duration and some cell site details, AT&T said in the filing.

An AT&T spokesperson told CNBC that the cloud service was owned by Snowflake. Shares of Snowflake fell 1.8% on Friday, while the Nasdaq rose 0.6%.

It is the most severe incident since Snowflake disclosed the breach on May 30, writing in a blog post at the time, "We became aware of potentially unauthorized access to certain customer accounts on May 23, 2024." Snowflake enlisted the help of cybersecurity software vendor CrowdStrike and Alphabet's Mandiant to investigate.

Mandiant wrote in a blog post last month that, through its "Victim Notification Program," the company and Snowflake have alerted 165 "potentially exposed organizations" of the incident. Mandiant blamed the hack on a financially motivated group it calls UNC5537, with members in North America and Turkey. UNC5537 drew on login credentials that had been available online after they had been stolen separately using malware.

Prior to Friday, the most notable companies connected to the Snowflake breach were Advance Auto Parts, LendingTree, Ticketmaster operator Live Nation and Santander Bank, which said in mid-May, prior to Snowflake's disclosure, "We recently became aware of an unauthorized access to a Santander