A damning report by the Federal Communication Commission (FCC) has found AT&T to be responsible for its February outage that blocked over 92 million voice calls, 25,000 of which were calls to emergency services.
The agency found that the outage resulted from a range of preventable factors including a lack of peer review processes, inadequate lab testing, and a failure to follow basic internal procedures.
While the FCC confirmed the 12-hour outage wasn’t caused by a cyber attack, the 29-page report has done little to repair AT&T’s poor credibility, with the popular telecommunications still receiving backlash from a recent data breach that compromised the information of over 109 million customers.
AT&T Outage Blocked Millions of Calls, Report Reveals
If you failed to make calls with AT&T on February 22, 2024, you weren’t alone – with a new report by the FCC finding that the nationwide system outage blocked a total of 92 million calls throughout its 12-hour duration – with 25,000 of those being attempts to reach 911.
The independent agency found that the outage blocked service on a total of 125 million registered devices, with users across 50 states as well as Washington D.C. and Puerto Rico being impacted. In addition to calls, 5G data services were also unavailable, preventing AT&T customers from browsing the web and streaming content for the 12-hour time period.
The outage also cut off services to the devices operated by FirstNet for over two hours, the wireless broadband network designed for First Responders throughout the US, causing further disruption to emergency services and prolonging the amount of time it took for dispatchers to coordinate effective responses.
With AT&T previously keeping the extent of the blunder hidden, the FCC’s damning investigation is a bad look for a company that’s already in hot water for its recent cybersecurity failings. What’s more, while AT&T vaguely explained that the outage was sparked by an “incorrect process” after it took place, the FCC found they may be more culpable than they initially claimed.
Service Interruption Could Have Been Prevented With Basic Tests, FCC Finds
As detailed in the FCC’s report, the government agency agrees that the telecom company’s 12-hour outage was caused by a software update that went wrong.
However, the FCC also found AT&T guilty of failing to follow internal company procedures, as well as lacking a basic peer review process – the outage was caused by a lone employee who made the network enter Protection Mode after misconfiguring a single network element.
The FCC also called the Dallas-based company out for failing to test crucial updates before they go live.
This just in! View
the top business tech deals for 2024 👨💻
The report states that in addition to AT&T’s ineffective peer review process, the company failed to sufficiently test changes before they took place. According to the agency, AT&T “either failed to effectively emulate the live environment” or “failed to test the impact of this misconfiguration on the wider network”.
The telecommunications giant’s omission to carry out a “post-installation test” was also likely why the issue took over 12 hours to resolve, the FCC concluded. Testing the error as soon as it took place may have “helped detect the misconfigured network element more quickly, thereby allowing AT&T Mobility to initiate corrective action more expeditiously”, according to the agency.
More Damning Details Emerge About AT&T’s Cyber Attack
While the FCC and FBI agree that AT&Ts nationwide outage was not a result of poor cyber hygiene, more information has surfaced about the carrier’s 2022 data breach.
Earlier this month, the company admitted that over 109 million customer accounts containing call and text records from 2022 were downloaded illegally in April. According to Reuters, the scale of the attack was concerning, with almost all AT&T cellular and landline customers who used the service between May and October 2022 being impacted.
An external investigation by AT&T found that hackers exfiltrated the sensitive files from a third-party workspace platform Snowflake. The company subsequently paid the hacking group $370,000 in cryptocurrency to delete these files and closed off the vulnerability responsible for the hack. However, it’s impossible to determine whether AT&T’s ransom payment was successful.
AT&T was also brought under fire earlier this year when it was revealed that the details of 70 million customer accounts, including names, phone numbers, and social security numbers, were leaked online in a similar hack. If you were an AT&T customer in August 2021, you can find out if your data has been compromised in the hack here.