AT&T has just disclosed another old data breach, with this one exposing nearly every customer's phone call and text message records for a date range spanning six months in 2022.
The company made the disclosure on Friday morning. The company is specific about what got stolen, and believes that the data lifted is not yet publicly available.
Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.
The breach goes further than just AT&T customers. The data set also includes any number that an AT&T customer interacted with, including landline customers. Also included are total call durations, and counts of calls or texts to any given number.
AT&T says that the data doesn't include contents of calls or texts, or relevant time stamps. Other personally identifiable information like social security numbers or dates of birth is not included in the breach either.
At this time, it doesn't appear that AT&T is offering anything else to those impacted other than platitudes — but it does say in the disclosure filing that there is a way to see what phone numbers were exposed. It has confirmed that the access point where the data was stolen has been secured.
Around 110 million customers, past and present, are impacted by the breach. The company says that it learned about the breach on April 19. In a statement to AppleInsider, AT&T says that it was cooperating with law enforcement in the ongoing investigation, and waited to disclose to avoid "undermining their work."
Like with TicketMaster, the data theft is related to cloud analytics platform Snowflake. As with the rest of the breaches associated with Snowflake, the analytics firm says that it is not responsible, and instead the customers that don't use multi-factor authentication are to blame.
Snowflake does not mandate multi-factor authentication.
This breach is unrelated to an earlier one that the company disclosed in March 2024. In that one, the company reset passcodes for 7.6 million customers, three years after the breach happened.
The breach that the company reported then was denied for three years, after being reported on hacker forums in 2021.
Updated July 12, 8:13 AM: Updated with reasoning from AT&T on why they waited three months to disclose the breach to customers.
8 Comments
Other carriers just cannot buy advertising like this.
In the current world environment, this is worrying.
That said, at least for the text data, this highlights the value of those "blue bubbles," which indicate your message is encrypted and going through Apple's messaging servers, not through the cellular sms/mms network affected by this breach.
Between hacks like this, massive password leaks, companies intruding into your personal info, and the government spying on its citizens the only way left to protect your privacy is to drop off the grid. I give up.
Why do such logs even exist? Oh right, the same reason everything else that sucks about the digital age exists: advertising.