Nearly all customers affected by new AT&T data breach


AT&T, the American multinational telecommunication company, has said that customer data was illegally downloaded from a third-party cloud platform, and nearly all customers are affected.

The company is set to inform affected customers that their personal data may have been illegally downloaded by a threat actor.

“On April 19th, 2024, AT&T learned that a threat actor claimed to have unlawfully accessed and copied AT&T call logs,” a document submitted to the US Securities and Exchange Commission explained.

ADVERTISEMENT

In a statement, AT&T said that the data includes phone calls and text message records of “nearly all of AT&T cellular customers” between May 1st, 2022, October 31st, 2022, and January 2nd, 2023. The data breach also affects AT&T landline customers.

The call and text records show phone numbers and who the AT&T cellular and landline customers interacted with during the six-month period.

“The threat actors have used data from previous compromises to map phone numbers to identities. What the threat actors stole here are effectively call data records (CDR), which are a gold mine in intelligence analysis because they can be used to understand who is talking to who—and when," Jake Williams, former NSA hacker, said.

AT&T claims that the content of these calls and texts wasn’t downloaded, nor was personally identifiable information (PII) like Social Security numbers or dates of birth.

The telecommunications company said that although the data didn’t include names, it could be relatively simple to find the names associated with the specific numbers present in the data breach.

The company said that it believes that none of the data is publicly available.

AT&T serves upwards of 100 million customers in the US, meaning that data from hundreds of millions of people has been obtained and could be used for various nefarious activities.

This isn’t the first time that this huge multinational corporation has fallen victim to predatory threat actors.

ADVERTISEMENT

Previously, a leaked database with more than 70 million records, allegedly stolen from AT&T, was made available almost for free on the illicit marketplace BreachForums. Some researchers confirmed that the data is legitimate, but it's unclear how the hackers got their hands on it.

Even further back in 2022, the black hat cyber gang ShinyHunters claimed to have stolen 70 million records that belonged to mobile service provider AT&T. The sample of data for sale included AT&T users’ full names, Social Security numbers, email addresses, and dates of birth.