AT&T has confirmed that the call and text message records of almost all its cellular customers were exposed in a data breach. This incident came to light through a mandatory filing with the U.S. Securities and Exchange Commission in April.
The US Federal Communications Commission reported that it is carrying out an investigation into these events.
We have an ongoing investigation into the AT&T breach and we’ re coordinating with our law enforcement partners.
— The FCC (@FCC) July 12, 2024
Here’s a detailed look into what happened, who was affected, and steps you can take if you’re concerned about your data.
Overview of the Data Breach
According to AT&T’s disclosure, unidentified threat actors illegally downloaded customer data onto a third-party cloud platform from an AT&T workspace.
The data breach includes records of customer interactions via calls and texts from May 1, 2022, to October 31, 2022, and for a select few, records extend up to January 2, 2023. It’s important to note that while the content of the communications was not exposed, the breach still involves detailed call and text logs.
Who Was Affected?
The breach impacts nearly all of AT&T’s cellular customers, including users of mobile virtual network operators (MVNOs) that utilize AT&T’s network. Additionally, AT&T landline customers who interacted with these cellular numbers have also been compromised.
Despite the extensive nature of the breach, AT&T has assured that no names, Social Security numbers, dates of birth, or other personally identifiable information were included in the exposed data.
What Type of Data Was Exposed?
The exposed data does not include the content of the calls or texts nor any personally identifiable information such as Social Security numbers or dates of birth.
However, the data comprises phone numbers and, in some cases, cell site identification numbers associated with the call and text interactions. Interestingly, the breach does not cover the timestamps of these interactions, which slightly reduces the scope of the exposure.
ALSO READ. VIDEO Joe Biden confuses President Zelenskyy with Putin
What Steps AT&T Is Taking
AT&T has initiated an in-depth investigation into the breach and is collaborating closely with law enforcement to address the situation. The company has also engaged leading cybersecurity experts to assess and mitigate the impact. According to reports, at least one suspect involved in the breach has already been apprehended.
What Should AT&T Customers Do?
AT&T advises all customers to remain vigilant against any suspicious calls or texts. Specifically, customers should:
- Avoid responding to unsolicited requests for personal, account, or credit card details.
- Forward suspicious texts to AT&T for investigation.
- Report any suspected fraud to AT&T’s dedicated fraud team.
Additionally, AT&T recommends applying a general rule of caution and only opening messages from known and trusted contacts.
For those concerned about further data exposure, AT&T suggests several steps:
- Utilize free credit monitoring services, if provided.
- Regularly obtain free credit reports to spot any unauthorized activities.
- Consider placing a credit freeze or a fraud alert on your records to make unauthorized access to credit in your name more difficult.
AT&T has also set up a dedicated webpage (att.com/DataIncident) for affected customers to find more information and resources to protect their data.
The company has expressed regret over this incident and is taking considerable steps to secure its systems against future attacks.
This is the full press release that AT&T issued about this case:
DALLAS, July 12, 2024. In April, AT&T (NYSE:T) learned that customer data was illegally downloaded from our workspace on a third-party cloud platform. We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. We have taken steps to close off the illegal access point. We are working with law enforcement in its efforts to arrest those involved in the incident. We understand that at least one person has been apprehended.
Based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 – October 31, 2022. The compromised data also includes records from January 2, 2023, for a very small number of customers. The records identify the telephone numbers an AT&T or MVNO cellular number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions are also included.
The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.
At this time, we do not believe that the data is publicly available.
Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care. Customers can visit att.com/DataIncident for more information.
