AT&T Data Breach Exposes Call and Text Records of Millions
Massive Data Breach Affects AT&T Customers’ Call and Text Records
In a significant data breach, AT&T has revealed that the call and text message records of tens of millions of its customers and many non-AT&T users from mid-to-late 2022 were exposed. The breach, disclosed on Friday, has raised serious concerns about data security.
AT&T stated that the compromised information includes the phone numbers of almost all its cellular customers and those of wireless providers using its network from May 1, 2022, to October 31, 2022. The logs also detailed every number contacted by AT&T customers, the frequency of interactions, and the duration of calls. However, the content of the calls and text messages was not compromised.
A few records from January 2, 2023, were also affected, according to AT&T.
The Federal Communications Commission (FCC) is actively investigating the breach and coordinating with law enforcement partners. AT&T attributed the breach to an “illegal download” from a third-party cloud platform, discovered in April while the company was dealing with another major data leak.
AT&T believes the stolen data is not publicly available, but CNN could not independently verify this claim. AT&T spokesperson Alex Byers emphasized that this incident is unrelated to a previous breach in March, which exposed the personal information of 73 million current and former customers.
“We deeply regret this incident and remain committed to safeguarding the information in our care,” AT&T stated.
AT&T had approximately 110 million wireless subscribers as of the end of 2022. The company confirmed that international calls, except those to Canada, were not included in the breach. The breach also affected AT&T landline customers who interacted with the compromised cell numbers.
Despite the breach, sensitive personal information such as Social Security numbers, dates of birth, or customer names was not exposed. However, AT&T acknowledged that publicly available tools could link names to specific phone numbers.
Additionally, cell site identification numbers linked to calls and texts were exposed, potentially revealing the broad geographic location of the parties involved.
AT&T has pledged to notify affected customers and provide resources to protect their information. While usage details like call and text timestamps were not compromised, the number of interactions and total call durations for specific days were exposed.
AT&T learned about the breach on April 19, when a “threat actor” claimed to have accessed and copied AT&T call logs. The company hired experts and confirmed that files were exfiltrated between April 14 and April 25.
The U.S. Department of Justice (DOJ) determined that delaying public disclosure was necessary. The FBI reviewed the data for potential national security risks, leading to a coordinated delay in public reporting.
Sanaz Yashar, co-founder and CEO of cybersecurity firm Zafran, highlighted the potential risks, noting that threat actors could use cell ID data to pinpoint sensitive locations. AT&T shares fell 1% following the news.
The breach involved illegal downloading of customer data from Snowflake, a third-party cloud platform. Snowflake’s chief information security officer, Brad Jones, stated that there was no evidence of a vulnerability or breach of Snowflake’s platform.
AT&T has taken steps to close the illegal access point and is cooperating with law enforcement to apprehend those responsible, with at least one person already arrested.