AT&T Data Breach Exposes Millions Of Users' Call, Text Records

The company pointed to an "illegal download" that was made on a third-party cloud platform. AT&T learned about it in April 2024 at the time that it was dealing with a totally unrelated major data leak.

According to AT&T, the exposed data showed "nearly all" the telephone numbers of the company's cellular customers. It also included customers of wireless providers, which utilized its network.

The breached records were from May to October of 2022. There were also indications that a small number of its customers were also affected on Jan. 2, 2023.

The call logs that were stolen showed every number dialed or texted by AT&T customers, including the number of times that interactions were made and the duration of the calls. At the end of 2022, AT&T listed approximately 110 million wireless subscribers.

The company also revealed that the breach did not include international calls, except for those made to Canada. In addition, landline customers of AT&T who interacted with the stolen cellular numbers were likewise exposed.

While the names of the owners of those numbers were not included in the breach, the company admitted that there are publicly available tools, which could link names with phone numbers.

Aside from the phone numbers, AT&T also revealed that a number of cell site identification numbers that were linked to the exposed mobile numbers were also identified. This could give an indication as to the geographic location of the owner of the numbers.

"At this time, we do not believe that the data is publicly available," AT&T stated in a release. "We sincerely regret this incident occurred and remain committed to protecting the information in our care."