On Friday, AT&T disclosed a significant cybersecurity breach that compromised call records and texts from nearly all its cellular customers.
This includes users on mobile virtual network operators (MVNOs) utilizing AT&T’s network, such as Cricket, Boost Mobile, and Consumer Cellular. The data breach encompasses records from May 1, 2022, to October 31, 2022, with additional data from a small number of customers on January 2, 2023.
AT&T spokesperson Alex Byers confirmed to The Verge that the breach occurred through a third-party cloud platform, Snowflake, which has previously experienced similar breaches affecting companies like Ticketmaster and Santander Bank. Despite first learning of the breach in April, AT&T, the FBI, and the Department of Justice delayed public notification due to potential risks to national security and public safety, as reported by TechCrunch.
The compromised data includes phone numbers customers interacted with, counts of those calls and texts, and total call durations for specific days or months. Importantly, the breach did not include the content of calls or texts, timestamps, Social Security numbers, dates of birth, or other personally identifiable information. While customer names were not part of the stolen data, it’s possible to link phone numbers to names using publicly available tools.
AT&T has stated that it does not believe the breached data is publicly accessible and has taken measures to close the illegal access point. The company is collaborating with law enforcement to apprehend those responsible, with one individual already arrested. Current and former customers whose information was compromised will be notified and provided with resources to protect their information.
AT&T expressed deep regret over the incident and reaffirmed its commitment to safeguarding customer data. This breach follows a previous leak that exposed information of over 70 million current and former AT&T customers.
