According to AT&T, hackers breached data from nearly all their customers in 2022. The breached data includes telephone numbers and names of “nearly all” of their customers. The breach included data spanning from May 1, 2022, to October 31, 2022. The leaked data logs reportedly contain the numbers and call times of every AT&T customer who called or texted.
They confirmed that hackers did not leak data such as call information and customer social security numbers. AT&T revealed that the breach exposed a subset of data with some cell identification numbers linked to calls. This information could provide broad geographic details to whoever possesses the data.
People can easily find the identities of the callers through public records searches.
AT&T has also stated that the breach originated from an “illegal download” on a third-party cloud platform. This all occurred in the wake of the company’s other major data breach. That incident involved selling customer data on the dark web.
The company has been closely working with the FCC to investigate and handle the issue. In the words of the FCC, “We have an ongoing investigation into the AT&T breach, and we’re coordinating with our law enforcement partners.”
In a filing with the Securities and Exchange Commission, AT&T states that at least one person involved is in custody. When CNN asked about this statement, the FBI refused to comment.
Delayed Disclosure Due to the Justice Department
AT&T knew about the breach long before they notified consumers. Around late May and early June of this year, the Justice Department deemed a delayed disclosure warranted for the incident.
AT&T notified the Justice Department shortly after the breach, and an investigation began. The department planned to investigate possible national security and public safety concerns. Interestingly, this is the first reported incident in which the Justice Department encouraged a delayed disclosure from a major company.
When asked about the breach, Jason Hogg, a former FBI agent, said, “quite significant because it could allow bad actors to determine certain consumers’ geolocation, which could be used to make the social engineering attacks more believable.”
While some respect the Justice Department’s decision to delay the disclosure, others feel frustrated. Some people claim the delayed disclosure was dishonest and could have allowed more time for their information to spread without their knowledge.
What Should AT&T Customers Do?
As a consumer, there isn’t much you can do in the wake of a major security breach. AT&T will take steps to alert consumers who were impacted by the incident. This communication will come via text, email, or U.S. mail. Additionally, AT&T customers can log into their accounts and check if information was leaked.
An AT&T spokesperson said customers “can also request a report that provides a more user-friendly version of technical information that was compromised.”
For more information on what to do following the AT&T data breach and to learn how to check your data, the company is ushering customers to att.com/DataIncident.
AT&T is not providing additional identity protection services in response to the incident. However, they have warned customers to be cautious of emails or texts from unknown numbers that ask for personal information. Instead, they should go directly to the AT&T main website instead of clicking any links that could be fraudulent.
If customers involved in the breach receive messages like this, they should report them. AT&T has a special set of instructions for reporting unwanted messages. They urge their clients that reporting can help them understand and address issues that are related to the security breach.
Summary of AT&T Data Breach
In the end, AT&T is just another company facing ongoing issues related to safety, data, and consumer protection. Unfortunately, their safety breach possibly affects tens of millions of consumers.
In their words, AT&T is working with governmental entities to investigate and bring the responsible parties to justice. Although they are not offering extra identity protection, they do their best to guide and protect their customers during this troubling time.