Approximately 110 million AT&T customers had their data stolen in a data breach that included phone call and text message records of nearly all AT&T cellular customers from May 1, 2022, to October 31, 2022. Some calls and texts on January 2, 2023, were also stolen.
These records identify other phone numbers that an AT&T wireless number interacted with, including AT&T landline (home phone) customers.
The Federal Communication Commission said on X, “We have an ongoing investigation into the AT&T breach and we’re coordinating with our law enforcement partners.”
Why is this important? The stolen data doesn’t include the content of any calls or texts. It doesn’t have the time stamps for the calls or texts. It also doesn’t include details such as Social Security numbers, dates of birth, or other personally identifiable information.
While the data doesn’t include customer names, AT&T there are easy ways to find a name associated with a phone number using publicly available online tools. This is where the potential for consumer fraud and even dangerous situations can occur.
“The attackers know exactly who you’re likely to pick up a call from, who you’re likely to text back, how long you communicate with that person, and even potentially where you were located during that conversation due to the metadata that was stolen,” said Rachel Tobac, founder of cybersecurity firm SocialProof Security.
What should you do? Be extra vigilant about any calls or texts that you receive. If you have even the slightest inkling that a call or text isn’t quite right, ask a few questions or call that person back yourself to be sure it is them. And, this is key, change your passwords and make sure you choose a secure password – not just your dog’s name and house number.
The type of data stolen makes it easy for cybercriminals to impersonate people you might know and trust making it easier to trick you into sending money to someone or giving out personal information such as a social security number or credit card number. Cybercriminals can also use location data that can reveal personal details about your life such as where you live, work, vacation, etc.
Tobac said, “ typically private/sensitive conversations that require secrecy” can be revealed”.
AT&T has set up a process at the link below for you to get a list of the phone numbers associated with your calls and texts that were part of the stolen data.
If you have additional questions about how your AT&T account may have been affected you can call 800-852-4346 or visit att.com/DataIncident