AT&T Massive Data Breach – Affecting Nearly All Customers’ Call & Text Records

AT&T, one of the largest telecommunications companies in the United States, has disclosed a significant data breach that exposed the call and text records of nearly all its cellular customers. The company revealed this information in a regulatory filing on July 12, 2024.

The breach, which occurred between April 14 and April 25, 2024, involved unauthorized access to AT&T’s workspace on a third-party cloud platform. The compromised data includes records of customer call and text interactions from May 1 to October 31, 2022, as well as some records from January 2, 2023.

The exposed information encompasses:

• Phone numbers of AT&T wireless customers and mobile virtual network operators (MVNOs) using AT&T’s network.
• Records of calls and texts, including the number of interactions and total call durations.
• For some records, cell site identification numbers are associated with the interactions.

AT&T emphasized that the breach did not include the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information.

Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files

However, with 8-k filling, the company acknowledged that publicly available online tools could potentially be used to link phone numbers with individual names.

The telecommunications giant discovered the breach on April 19 but delayed public disclosure following recommendations from the U.S. Department of Justice.

AT&T has since implemented additional cybersecurity measures and closed off the point of unauthorized access.

In response to the incident, AT&T is working with law enforcement to apprehend those responsible, with at least one person already in custody. The company plans to notify affected current and former customers and provide resources to help protect their information.

This breach follows another significant data leak earlier this year when AT&T reset passcodes for approximately 7.6 million users after sensitive information was found on the dark web.

AT&T customers are advised to remain vigilant, monitor their accounts for suspicious activity, and be cautious of potential phishing attempts that may exploit the leaked information.

To find out if your data was exposed in the AT&T data breach, you have a few options:

1. Check your email: AT&T has begun sending email or letter notifications directly to affected customers. If you’re an AT&T customer (current or former), check your inbox for any communications from the company regarding the data breach.
2. Contact AT&T directly: If you haven’t received a notification but are concerned about your data, you can reach out to AT&T’s customer service for more information.
3. Monitor your accounts: Keep a close eye on your AT&T account and other financial accounts for any suspicious activity.
4. Check your credit reports: Monitor your credit reports for any unusual changes or unauthorized accounts opened in your name.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo