AT&T has disclosed a massive data breach that affects nearly all of its customers. The stolen records, which AT&T says were “downloaded illegally from our workspace on a third-party cloud platform,” include every call and text record for every AT&T cellular customer from May 1, 2022 to October 31, 2022 as well as a small subset of customers from January 2, 2023.
The company was clear that the content of calls and texts was not exposed. But the hackers have a record of every call or text made or received along with counts and call durations for some calls during those specific months.
Note that this affects more than just AT&T customers—anyone who called or texted an AT&T number (including landline service) during this time would show up as part of these records.
Customer names and other personal information is not part of the data, but it is often not difficult to associate a name with a phone number.
The company says it has secured the access point and will contact all affected customers. You can visit att.com/dataincident for more information, including a link for customers to check if their account was affected.