Well, this is never good.
Wireless carrier AT&T has disclosed that a massive data breach has affected nearly all of its customers. The stolen records, which AT&T says were “downloaded illegally from our workspace on a third-party cloud platform,” include every call and text record for every AT&T cellular customer from May 1, 2022 to October 31, 2022 as well as a small subset of customers from January 2, 2023.
AT&T cited that the content of the calls and texts was not exposed, but that the records for the data include call counts and call durations for some calls during those specific months. The breach also includes pertinent data beyond AT&T customers, including anyone who sent or received a call or text to an AT&T number.
Customer names and other personal information is not part of the data, but it is often not difficult to associate a name with a phone number. AT&T has also stated that the company has secured the access point and will contact all affected customers. Users can visit att.com/dataincident for more information, including a link for customers to check if their account was affected.
Stay tuned for additional details as they become available.