AT&T Reports Data Breach, Assures Customer Data Security

AT&T, a prominent US mobile operator, disclosed on Friday a significant data breach affecting nearly all of its customers over a six-month period in 2022, impacting approximately 90 million people. The company revealed that hackers illegally accessed call and message data stored on a third-party cloud platform used by AT&T.

In a statement, AT&T stated that the breach involved customer data from May 2022 to October 2022, primarily comprising phone call and text message records. The compromised data included AT&T mobile subscriber phone numbers and, in some instances, location information that could potentially reveal the origin of calls and texts. However, AT&T clarified that the breach did not expose the content of communications or personal details like names or social security numbers.

AT&T assured customers that the access point used by the hackers had been secured and that law enforcement had apprehended at least one individual involved. The company emphasized that, at present, there was no evidence suggesting the breached data had been made publicly accessible. AT&T is cooperating with law enforcement agencies in their efforts to address the breach and bring those responsible to justice.

This incident follows a previous cyberattack on AT&T earlier in the year, where personal data of more than 70 million current and former customers was leaked on the dark web. Darren Guccione, CEO of Keeper Security, highlighted that while the current breach involved less sensitive information compared to the previous incident, affected customers should take precautions to safeguard their identities. Guccione recommended steps such as changing AT&T account passwords, implementing multifactor authentication, monitoring bank accounts, and considering dark web monitoring services or credit freezes to protect against potential identity theft.

The Department of Justice confirmed it is investigating the breach, underscoring the seriousness with which the US government views cybersecurity breaches affecting large numbers of individuals.