Have Your AT&T Calls and Texts Been Leaked? Everything You Need to Know About a Massive Data Breach

Nearly all of AT&T’s 110 million mobile subscribers suffered a major data breach, leaving them wondering what information might have been leaked.

The data breach, which occurred over a five-month period in 2022, included records of phone calls and text messages that would have exposed people’s personal communications.

Hackers could also have gained access to geographic location by using identification numbers associated with cell towers and linked to account phone numbers.

While the exposed data did not include customers’ names, there are “publicly available online tools” that can link numbers to individuals’ identities, AT&T said.

What AT&T information was leaked?

AT&T announced the data breach on Friday, saying the stolen data included data from May 1 through October 31, 2022, as well as data from January 2, 2023.

The data showed which phone numbers AT&T customers called during that period, how many calls and texts were made to a specific person, and how long the calls lasted in total.

But the information obtained did not include timestamps of calls and text messages, nor did it reveal names, dates of birth or citizen service numbers.

According to AT&T, calls and text messages were linked to one or more cell tower identification numbers, which could reveal the general location of one or more parties.

If the data were leaked, the information would reveal who AT&T customers were calling and texting, putting high-profile individuals like politicians and executives at risk.

This is because the telephone numbers are linked to each other, allowing malicious parties to determine the name associated with a specific telephone number.

AT&T explained that the information was downloaded from a third-party cloud platform from AT&T’s workspace on Snowflake – a cloud-based data warehouse that enables companies to manage, store and process customer data and files.

Brad Jones, Chief Information Security Officer at Snowflake, said CNN that they found no evidence that the cyberattack was not “caused by a vulnerability, misconfiguration, or compromise of the Snowflake platform.”

How do you know if you are affected?

AT&T has already taken cybersecurity measures to shut down the access point compromised by the hackers and plans to notify affected customers soon.

A website is also being set up where customers can check whether their data was compromised in the attack. AT&T has not yet indicated when the website will go live.

The company said Friday that the breach had no impact on AT&T’s operations and wanted to assure customers that it “does not believe the data is publicly available.”

According to cybersecurity expert Collin Walke, the positive thing about the attack is that “no actual text content was accessed.”

However, he warned people about the consequences of these types of hacks. According to him, it should remind everyone that everything you do online leaves a digital footprint.

“The consequences of hacks like this … should raise our awareness of the problems we face in the future. This hack didn’t access content, but we don’t know when the next one will,” Walke said.

Why did it take AT&T three months to inform customers?

AT&T reported that on April 19 it learned that a “threat actor claimed to have unlawfully accessed and copied AT&T’s call logs.”

The company said it “immediately” hired experts to investigate the attack, which found that hackers stole the 2022 files between April 14 and April 25.

The FBI is investigating the cyberattack and at least one person has been arrested in connection with the hack.

Walke called the delay “extremely concerning” and called on regulators to take action to ensure people are informed more quickly.

“And while the content wasn’t included in this hack, what if it had been? Consumers wouldn’t have known about this for months!” he said.

AT&T reportedly did not immediately notify customers because the U.S. Department of Justice (DOJ) ruled that “a delay in public disclosure was warranted.”

The FBI told Dailymail.com that AT&T contacted the agency to report the incident shortly after it discovered a possible breach.

“AT&T, the FBI, and the Department of Justice worked together during the first and second deferral processes, sharing critical threat information to enhance the FBI’s investigative capabilities and support AT&T in responding to incidents,” the FBI said.

“The FBI is prioritizing assistance to victims of cyberattacks. We encourage organizations to build a relationship with their local FBI office in advance of a cyber incident and to contact the FBI as soon as possible in the event of a breach.”

A Justice Department spokesperson told DailyMail.com that AT&T’s delay in notifying customers contributed to the department’s conclusion that disclosing the cyberattack “would pose a substantial risk to national security and public safety.”

How many times has AT&T been hacked this year?

While AT&T reportedly learned of the cyberattack, the company was dealing with another breach that saw customer data from 2019 or earlier leak onto the dark web.

The dark web is a hidden part of the internet that requires a specific browser to access. It allows users to hide their identity and location from others, including law enforcement.

The attack leaked social security numbers and other personal information, forcing the company to reset the passwords of 73 million accounts.

It affected 7.6 million current AT&T customers and approximately 65.4 million former account holders.

In March, AT&T notified customers that a marketing vendor the company used had been hacked in January, exposing the personal information of mobile account holders.

The breach exposed the Customer Proprietary Network Information (CPNI) of approximately 9 million AT&T users, including first names, mobile account numbers, mobile phone numbers, and email addresses.

Dozens of class-action lawsuits have been filed against AT&T in response to the cyberattacks, alleging that the company knew about the breaches but failed to act.