AT&T has admitted that “tens of millions” of customers were involved in a massive data breach that rocked the telecom giant in 2022. While the breach affected AT&T’s wireless customers, the company has since stated that the exposed data did not contain the content of personal calls and messages and should not be available to the public.
The customer data was downloaded from an AT&T workspace via a third-party cloud platform — all without authorization, of course. The data was comprised of “nearly all” AT&T customers’ call and text logs from May 1, 2022, through October 31, 2022, making them an ideal target for cybercriminals hoping to turn personally identifiable information into profit via the dark web.
Unfortunately, the records also list the numbers that affected AT&T customers called and texted, as well as the number of interactions and their durations.
AT&T's statement also mentions that records from the January 2, 2023 data breach affected a small number of customers.
As mentioned above, the content of leaked calls and text messages is not included in the leaked data. Also not included are timestamps of calls or text messages, sensitive information like Social Security numbers, or personal details like birth dates. AT&T also noted that while the records also do not include customer names, there are plenty of legitimate ways for anyone to link a cell phone number to the name of the person using it.
What happens next?
AT&T has assured its customers that the affected access point has been secured, which is good news. The company has also worked with law enforcement to track down the cybercriminals behind the attack. In fact, one individual has already been discovered and “arrested.”
Protecting your data is one of our top priorities. We have confirmed that the affected access point has been secured.
AT&T
The company has also stated that it will be reaching out to customers (past and current) to confirm that their data was involved in the breach. So, if you've been an AT&T customer at any point since May 2022, you'll want to keep an eye out for an email, just in case.
For anyone who has been affected by the AT&T data breach (or for those who care about privacy), there are a few things you can do to limit the damage to your overall digital security. Firstly, it’s worth changing the password associated with your AT&T account, especially if you use it for other sites and apps. Next, I’d recommend trying out one of the best VPNs available today. A VPN keeps all of your personal data hidden from prying eyes and curious third parties, encrypting it as you browse day to day. Plus, our #1 VPN, NordVPN, even has handy threat protection tools that will get rid of pop-up ads and combat phishing attempts.
