On Friday, the U.S. telecom giant AT&T acknowledged that a major security breach occurred in April. The scope of the security incident during which customer data was illegally downloaded is massive. Based on an internal investigation, the company has revealed that:
“The compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 - October 31, 2022. The compromised data also includes records from January 2, 2023, for a very small number of customers.”
AT&T learned of this incident on April 19 and has cooperated with the FBI and the Department of Justice ever since. Allegedly, at least one person linked to the security incident has been apprehended.
The company explains what kind of data was illegally downloaded:
Data that was involved: The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months.
Data that wasn"t involved: The downloaded data doesn’t include the content of any calls or texts. It doesn’t have the time stamps for the calls or texts. It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information.
Even though the data doesn’t include customer names, AT&T emphasizes that there are often ways to find a name associated with a phone number using publicly available online tools.
Current and prior customers have two options to find out whether their data was part of the breach. They can proactively seek this information through a dedicated website where they’ll find detailed information and links relevant to specific services and their customers. The other option is to simply wait until AT&T reaches out to you by text, email, or U.S. mail.
The data was stolen from AT&T’s workspace on a third-party cloud platform. As the company confirmed to TechCrunch, the platform in question is cloud data giant Snowflake.
At this time, AT&T does not believe that the data is publicly available.