AT&T has disclosed a massive data breach that affects nearly all of its customers. The stolen records, which AT&T says were “illegally downloaded from our workspace to a third-party cloud platform,” include every call and text message record of every AT&T cellular customer from May 1, 2022 to October 31, 2022, as well as a small subset of customers from January 2, 2023.
The company has made it clear that the content Call and SMS data has not been released. But the hackers have a record of every call or SMS made or received, as well as the number and duration of calls for some during those specific months.
Note that this affects more than just AT&T customers: anyone who called or texted an AT&T number (including landline service) during this time period would appear in these records.
Customer names and other personal information are not part of the data, but it is often not difficult to associate a name with a phone number.
The company says it has secured the hotspot and will contact all affected customers. You can visit att.com/dataincident for more information, including a link for customers to check if their account has been affected.
