AT&T recently disclosed a significant data breach that exposed the call and text message records of tens of millions of its customers, as well as non-AT&T customers. The breach, which occurred between May 1, 2022, and October 31, 2022, involved the telephone numbers of nearly all AT&T cellular customers and those of wireless providers using its network.
The compromised data includes details such as the numbers called or texted, the frequency of interactions, and call durations. However, the contents of the calls and texts were not part of the stolen information, and the timing of communications was also not included.
AT&T clarified that the breach did not expose personal information like Social Security numbers, dates of birth, or customer names. The company emphasized that the stolen data is not believed to be publicly available and that international calls, except those to Canada, were not included in the breach.
While the breach did not compromise the content of communications, it did expose certain cell site identification numbers linked to calls and texts, potentially revealing the general geographic locations of the parties involved.
AT&T stated that it is actively investigating the breach and working closely with law enforcement agencies. The company attributed the incident to an illegal download on a third-party cloud platform, which it became aware of in April.
Despite the breach, AT&T assured customers that it is committed to safeguarding their information and will notify those affected by the breach. The company also mentioned that it had identified at least one individual involved in the cybercriminal incident.
AT&T's efforts to address the breach include providing resources to help customers protect their information and ensuring that usage details like call times and text message timestamps were not compromised. The company is taking steps to mitigate the impact of the breach and prevent similar incidents in the future.
