Millions of users’ call, text records exposed in a massive AT&T data breach

AT&T data breach

US-based telecom service provider AT&T has conformed that user data of millions of its customers — and some non-customers — was exposed in a big data breach. In a statement, the telecom company said that earlier this year in April, it found out that customer data was illegally downloaded from its workspace on a third-party cloud platform.

AT&T said that it launched an investigation and engaged cybersecurity experts to understand the nature and scope of the criminal activity.

The investigation revealed that the exposed data included files containing AT&T records of calls and texts of nearly all of its cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T's wireless network, as well as AT&T's landline customers who interacted with those cellular numbers between May 1, 2022 - October 31, 2022. While AT&T hasn’t put a number, a report by Reuters suggests that close to 109 million customers’ data was leaked.

AT&T said that the data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts.

However, the company said bad actors may have used certain tools to find customers' names. “While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” said AT&T. The company said that it doesn’t believe that any of the data is publicly available. “We will provide notice to current and former customers whose information was involved along with resources to help protect their information,” said AT&T.

The telecom giant also said that it worked with cybersecurity experts to close the illegal access point.