AT&T disclosed that it has suffered another major breach, this one impacting “phone call and text message records of nearly all of AT&T cellular customers.”
According to the company, bad actors accessed company data via a third-party cloud platform workspace. The downloaded records were from May 1, 2022 to October 31, 2022, as well as January 2, 2023.
The downloaded data includes the following:
The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months.
The following data was not compromised:
The downloaded data doesn’t include the content of any calls or texts. It doesn’t have the time stamps for the calls or texts. It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information.
While the data doesn’t include customer names, there are often ways to find a name associated with a phone number using publicly available online tools.
The company is notifying impacted customers, both current and former.