Data of Nearly All AT&T Customers Downloaded to Third-Party Platform in Major Data Breach

In a major security breach, AT&T announced that data from nearly all of its customers was downloaded to a third-party platform. This breach, which spanned five months in 2022, affected not only AT&T's cellular customers but also those of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as its landline customers who interacted with cellular numbers. Approximately 109 million customer accounts were impacted, though AT&T currently believes that the data is not publicly available.

AT&T clarified that the compromised data did not include the content of calls or texts, personal information like Social Security numbers, dates of birth, or other personally identifiable information. Additionally, it did not contain time stamps of calls or texts or customer names. However, experts warn that the exposed data can still be used to trace users. Thomas Richards, principal consultant at Synopsys Software Integrity Group, noted that such data can be pieced together to reveal private calls and connections.

An internal investigation revealed that the compromised data includes AT&T records of calls and texts between May 1, 2022, and October 31, 2022. The breach was traced to an AT&T workspace on the Snowflake platform and did not impact AT&T’s network. Roei Sherman, Field Chief Technology Officer at Mitiga, highlighted the risks associated with the vast amounts of data companies store on cloud platforms, emphasizing the complexity of detecting and investigating such breaches.

AT&T is continuing its investigation with the help of cybersecurity experts. So far, one individual has been apprehended in connection with the breach. The compromised data also includes records from January 2, 2023, for a small number of customers, identifying telephone numbers interacted with during these periods, and for some records, associated cell site identification numbers.

The Federal Bureau of Investigation (FBI) has been collaborating with AT&T and the Justice Department to bolster investigative efforts and assist with incident response. The Department of Justice (DOJ) became aware of the breach early this year but delayed public disclosure to avoid posing a risk to national security and public safety. The Federal Communications Commission (FCC) is also investigating.

This breach is one of several major data breaches this year, including a previous attack on AT&T in March, where Social Security numbers and other information of millions of current and former account holders were exposed. Other industries, such as auto dealerships and educational institutions, have also been impacted by cyberattacks recently.

AT&T customers seeking more information or live updates on the data breach can visit att.com/DataIncident.