AT&T data breach: Were you affected? Here's what to do.
The call and text message records of nearly all of AT&T's cellular customers were exposed in a data breach, the company said Friday. The company said in a filing with the U.S. Securities and Exchange Commission it learned in April that customer data was illegally downloaded from an AT&T workspace on a third-party cloud platform. The company said it is working with law enforcement to arrest those involved in the incident and that at least one person has been apprehended. "We have an ongoing investigation into the AT&T breach and we're coordinating with our law enforcement partners," the Federal Communications Commission said on social media Friday morning.
What to do if affected by the breach
In the SEC filing, AT&T said the threat actors exfiltrated files containing records of customer call and text interactions that occurred approximately between May 1 and October 31, 2022. The company said the compromised data also includes records from January 2, 2023 for a "very small number of customers." In addition to cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T's wireless network and AT&T landline customers who interacted with these cellular numbers were also affected. AT&T said it will contact affected customers by text, email or U.S. mail. Customers can also check their accounts online to see if they were affected.
AT&T said in a news release Friday that "the data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information." "It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts," the company added. AT&T also said that while the compromised data also does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number. "At this time, we do not believe that the data is publicly available," the company said in the news release.
Additional information about the breach
AT&T said that as a general rule, customers should remain cautious of any phone call or text request asking you for personal, account or credit card details. If you suspect: AT&T also says customers should only open text messages from people you know and trust, and shouldn't reply to a text from an unknown sender with personal details. While AT&T says Social Security numbers were not exposed in the data breach, customers who are concerned about being exposed can follow this guidance from the Federal Trade Commission. While AT&T said that "personally identifiable information" wasn't involved with the data breach, if you suspect your banking information has been leaked, the FTC suggests:
