AT&T Data Breach

We’ve had a few clients ask about the AT&T Breach and what could be expected with a full leak of all texts and messages. Here’s our current take on this matter. AT&T reportedly did not lose full content data, but rather metadata including things like the duration of the call, numbers contacted, call counts, and in some cases cell towers used. Normally we don’t like to simply repeat news, but in this case, it seems prudent to clarify —all based on what we’re reading:

****************************

AT&T on Wednesday disclosed information regarding a significant data breach on one of their third-party cloud platforms.[2] They confirmed that nearly all AT&T customer data was illegally downloaded from their workspace, including records of their customer phone calls and text messages ranging from May 1, 2022, to January 2, 2023.[3]

Initial reporting suggested AT&T had lost all text data. However, new communications suggest the stolen records do not include the content of the phone calls or messages but only data about the content, such as duration of the call, numbers that AT&T customer interacted with, and counts of calls & messages for a specific day/month.[2]

According to AT&T, they have confirmed that the access point is now secure, and they are working with leading cybersecurity experts to determine the nature and scope of this issue. The data is not publicly available, and they are also continuing to work with the law enforcement to arrest those involved. Yet, they have only apprehended one person.[3]

According to an article on Wired, this data breach occurred in April by a hacker who is a part of a notorious ransomware group called ShinyHunters.1 AT&T had already paid the ransom in May and demanded a video that proved that the data was deleted. The ransom was paid in bitcoin and the amount was upward of $300,000.[1]

If you are or were a AT&T customer during this time frame and would like to see the data that was breached, please use the link below to request it from AT&T:

Current customers
Consumer

• AT&T wireless and home phone: Get details

• AT&T Prepaid: Submit a data request

FirstNet®

• Agencies: Get details

• Individual subscribers: Get details

Business

• myAT&T users: Get details

• Premier users: Get details

Prior customers
If you had service between May 2022 and November 2022 and were affected, AT&T will send you a notification with your account number(s) and a case number. You’ll need these details to submit your request.

• Former AT&T wireless and home phone: Submit a data request

• Former AT&T Premier user: Latest status: “Come back on July 19, 2024 for more info”

More information may be available on the AT&T website (https://www.att.com/support/article/my-account/000102979?source=EPcc000000000000U).

[1] Zetter, Kim. “AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records.” Wired, Conde Nast, 14 July 2024, www.wired.com/story/atandt-paid-hacker-300000-to-delete-stolen-call-records/. 

[2] Balaji. “AT&T Data Breach - Nearly All Customers Call & Text Logs Leaked.” Cyber Security News, 12 July 2024, cyberpress.org/att-data-breach/. 

[3] “Unlawful Access of Customer Data.” AT&T, www.att.com/support/article/my-account/000102979?source=EPcc000000000000U. Accessed 15 July 2024.