(Credit: Joe Raedle/Staff via Getty Images)
A trove of AT&T call and text records was downloaded by an unknown threat actor in April. Now, AT&T says the scope of the breach impacts "nearly all" of its cellular customers.
"Customer data was illegally downloaded from our workspace on a third-party cloud platform," AT&T said today. A rep for the carrier confirmed to PCMag that the cloud provider in question is Snowflake Inc., which has been targeted by hackers and tied to a Ticketmaster breach and another impacting the bank Santander.
"We have taken steps to close off the illegal access point," AT&T added. "We are working with law enforcement in its efforts to arrest those involved in the incident. We understand that at least one person has been apprehended."
The Federal Communications Commission said it's also investigating the breach.
AT&T customers with wireless plans as well as those with landline phones that interacted with AT&T wireless customers between May and October of 2022 likely saw their phone numbers included as part of the downloaded dataset. The carrier says the records expose which numbers AT&T wireless customers called and texted during those periods as well. In some cases, the leaked records include the "cell site identification numbers" for those interactions, which could be used to determine users' approximate geographic locations.
"It also included counts of those calls/texts and total call durations for specific days or months," an AT&T representative confirms to PCMag via email.
Customers of AT&T mobile virtual network operators, or MVNOs, were also exposed in the breach, according to the release and a filing with the US Securities and Exchange Commission. Roughly a dozen other carriers are AT&T MVNOs, including Boost Mobile. PCMag has reached out to Boost for comment. An AT&T rep confirmed to PCMag that customers of Cricket Wireless, which AT&T owns, are also included in the breach.
The accessed records do not include the actual contents of any calls or texts, meaning what you actually messaged during those time periods was not exposed. Timestamps of when the calls or texts took place were not included in the leaked dataset, either, AT&T says. It doesn't include customer names, birth dates, or Social Security numbers. The carrier claims that none of the downloaded data has yet been made public.
AT&T customers will need to be on guard for phishing schemes and spoofed texts and calls.
In March, AT&T said that some of its customer records from 2019 "or earlier" were leaked on the dark web. It then reset the passwords of 73 million accounts. It did not state whether that breach came from AT&T itself or a third party, but noted that this older breach included leaked Social Security numbers and other personal information. The AT&T spokesperson confirmed that this data leak is a separate incident unrelated to the April call and text records breach.
AT&T is now facing dozens of class-action lawsuits in the wake of these hacks. More broadly, other recent data breaches and leaks more have put millions of Americans' data at risk. We have some tips for how to protect yourself.