AT&T Data Breach Exposes Phone Records of ‘Nearly All’ Customers
Toggle Dark Mode
If you’re an AT&T customer, you may want to consider switching carriers, as AT&T has just suffered its second major data breach of 2024.
In April, AT&T acknowledged a massive data breach that exposed account passwords, names, addresses, and even Social Security Numbers for approximately 73 million AT&T customers, although the data was stale enough that only 7.6 million of the records applied to folks who were still AT&T customers; the other 65.4 million had moved on by the time the data was confirmed as authentic.
AT&T responded by forcibly resetting the passwords of customers who were still with AT&T. Still, the presence of credit card and SSN information meant that all customers — current and former — were advised to keep an eye out for identity fraud.
If there’s a silver lining in this latest breach, it’s that it’s arguably less severe, but it’s also much broader in scope.
In a statement to TechCrunch, AT&T said that the breach contains data from “nearly all” of its customers. It’s begun notifying around 110 million people to advise them of the breach.
The data stolen in this case contains the numbers of the company’s cellular and landline customers, plus records of calls and text messages placed, sent, or received by those numbers between May 1, 2022, and October 31, 2022. These records detail who called or texted who during that period and how long calls lasted, but there’s no date and time detail for when calls were placed, or texts were sent, although there are counts of how many texts were sent by a given number on specific days or months.
None of the records include the content of calls or text messages.
However, AT&T also adds that some records include the cellular site identification numbers associated with each call or text. This could be used to determine where a user was when they placed a call or sent a text.
In other words, this data could confirm that two people were communicating with each other and for how long and where they were when they chatted, but it doesn’t reveal what they talked about or when they did so.
AT&T posted a statement on its website outlining the situation and will notify affected customers directly.
Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.AT&T
The carrier adds that it doesn’t believe the data is publicly available at this point and that there is no personally identifiable information in the data other than the phone numbers. However, it acknowledges that it would be possible for someone to turn that into a name “using publicly available online tools.”
AT&T notes that the two data breaches this year are unrelated and that this latest data was exposed as a result of an attack on Snowflake, a cloud data analytics service. AT&T declined to explain to TechCrunch why customer data was stored in Snowflake. However, the provider has suffered several data thefts recently, including a high-profile Ticketmaster breach in May.
AT&T is working with law enforcement and reports that “at least one person has been apprehended” by the FBI. While the breach was discovered in April, AT&T, the FBI, and the US Department of Justice delayed notifying customers at least twice due to “potential risks to national security and/or public safety.”