AT&T has disclosed a significant data breach affecting the call and text records of nearly all its customers. The breach, which involved unauthorized access to a third-party cloud platform, exposed sensitive information from May 1, 2022, to October 31, 2022. Some records from early 2023 were also compromised.
The company confirmed that the stolen data includes phone numbers and cell site identification numbers, but not the content of calls or texts, Social Security numbers, dates of birth, or other personal identifiers. The breach impacts customers using AT&T’s network and landline customers who interacted with these cellular numbers.
AT&T is working with cybersecurity experts and law enforcement to investigate the breach and prevent further unauthorized access. At least one individual involved in the hack has been apprehended. The Department of Justice, FBI, and Federal Communications Commission are also investigating the incident.
In response to the breach, AT&T is notifying affected customers via text, email, or mail and advising them to monitor their accounts for unusual activity. The company emphasizes that it does not believe the stolen data is publicly available, but urges customers to remain vigilant.
John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, highlighted the risks posed by such metadata, noting that it can reveal detailed personal information. The breach has raised significant concerns about privacy and security, prompting an ongoing investigation by multiple federal agencies.
AT&T assures customers that it is taking steps to secure its systems and prevent future breaches. The company is committed to working with authorities to bring those responsible to justice and to protect the privacy and security of its customers’ information.