AT&T has admitted that “tens of millions” of customers were affected by a massive data breach that rocked the telecom giant in 2022. While the breach affected AT&T’s mobile phone customers, the company has since said the exposed data does not include the contents of personal conversations and messages and should not be public.
The customer data was downloaded from an AT&T workspace via a third-party cloud platform — all without permission, of course. The data consisted of the call and text messages of “nearly all” AT&T customers from May 1, 2022 through October 31, 2022, making it a textbook target for cybercriminals hoping to turn personally identifiable information into profit via the dark web.
Unfortunately, the data also lists the numbers that affected AT&T customers called and texted, as well as the number and duration of interactions.
Statement from AT&T also states that the data from the January 2, 2023 data breach only affected a small number of customers.
As previously noted, the leaked data does not include the contents of the leaked calls and text messages. It also does not include timestamps of calls or text messages, sensitive information like social security numbers, or personal information like dates of birth. AT&T also pointed out that while the data also does not include customer names, there are plenty of legitimate ways for anyone to link a mobile phone number to the name of the person using it.
What happens now?
AT&T has reassured customers that the affected access point has been secured – which is good news. The company has also partnered with law enforcement to track down the cybercriminals behind the attack. One person has already been caught and “arrested”
The company also stated that it will be contacting customers (current and former) to confirm whether their data was involved in the breach. So if you’ve been an AT&T customer since May 2022, you should be on the lookout for an email – just in case.
For anyone affected by the AT&T breach (or for the privacy-minded among you), there are a few things you can do to minimize the damage to your overall digital security. First, it’s worth changing the password associated with your AT&T account, especially if you use it for other sites and apps. Next, I recommend checking out one of the best VPNs available today. A VPN will keep all of your personal information hidden from prying eyes and snooping third parties, encrypting it as you go about your day-to-day browsing. Plus, our #1 rated VPN, NordVPN, even has handy Threat Protection tools that filter out pop-up ads and thwart phishing attempts.