Cyber Blog

On Friday, AT&T revealed that hackers accessed records of calls and texts for nearly all of its cellular customers during a six-month period from May 1, 2022, to October 31, 2022. The breach also includes records from January 2, 2023, affecting a small number of customers.

AT&T stated that the compromised data does not include the content of calls or texts, nor does it contain personal details such as Social Security numbers, birth dates, or other personally identifiable information. The breach involved data downloaded from the company’s workspace on a third-party cloud platform.

The company discovered the unauthorized download in April and has been collaborating with law enforcement, resulting in the apprehension of at least one individual. While the data does not include call or text content, it does reveal the telephone numbers that an AT&T number interacted with during the affected periods.

AT&T assured that the data is not believed to be publicly available at this time.

This incident is separate from another breach reported by AT&T earlier this year, in which hackers stole personal information from millions of current and former customers and shared it on the dark web.

Security experts caution that even though the latest breach did not involve personally identifiable information, it could still be used by hackers to piece together additional data, increasing the risk of fraud. Dan Schiappa, Chief Product and Services Officer at Arctic Wolf, explained, “Identity-based attacks that extract customer records can enable attackers to compile personal data, potentially leading to identity theft or fraud.”

U.S. securities regulations require companies to notify customers of security breaches within 30 days of discovery. However, the FBI authorized a delay in AT&T’s disclosure due to security concerns, as the agency and the Department of Justice investigated the incident.

The Justice Department justified the delay, stating that premature disclosure could “pose a substantial risk to national security and public safety.” Additionally, the U.S. Federal Communications Commission is now investigating the breach.

How to Determine if You Were Affected

AT&T will notify impacted customers via text, email, or U.S. mail. Affected individuals can also log into their accounts to check if their data was compromised. The company offers a report with a simplified version of the compromised technical information through its website.

For more details, customers can visit att.com/DataIncident.

Will AT&T Provide Identity Theft Protection?

At present, AT&T is not offering additional identity theft protection services. However, the company advises customers to be vigilant about emails or texts requesting personal, account, or credit card information.

AT&T warned that malicious actors often use phishing and smishing techniques to obtain sensitive information. To protect yourself, avoid opening messages from unknown sources, and do not respond with personal information. Instead, go directly to a company’s official website rather than clicking on links in unsolicited messages.

In case of suspicious text messages, customers can forward them to AT&T for investigation. Detailed instructions for reporting unwanted texts are available on AT&T’s website, and forwarding messages will not count against text plans.