AT&T data breach impacts tens of millions of customers

A&T customer data has been exposed in another data breach.

The company said “nearly all” customer call and text records were stolen by “threat actors” from mid-to-late 2022, as outlined in an SEC filing on Friday. The company revealed to CNN that the records were accessed on Snowflake, a third-party data warehousing tool which recently made headlines for hosting data stolen from Ticketmaster.

The news outlet also said “tens of millions” of A&T customers have been affected.

A&T said the content of calls and texts were not exposed, nor were other personally identifiable pieces of information like Social Security numbers and dates of birth. However, the telephone numbers and records of calls and texts of AT&T wireless customers were a part of the leak: such records include the total of a customer’s calls and texts, as well as call durations.

While names weren’t exposed, and AT&T acknowledged that “there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”

This leak affected those who used AT&T’s network between May 1, 2022 and Oct. 31, 2022. Additionally, the company said “a very small number” of customers were impacted on Jan. 2, 2023.

At this time, the data is not “publicly available”, according to AT&T’s customer support page for the unlawful access of data.

“We hold ourselves to a high standard and commit to delivering the experience that you deserve,” AT&T wrote in a statement to Mashable, which is also available online. “We constantly evaluate and enhance our security to address changing cybersecurity threats and work to create a secure environment for you. We invest in our network’s security using a broad array of resources including people, capital, and innovative technology advancements.”

Back in March, the telecoms giant had another, unrelated, leak on its hands: one that unfortunately included Social Security numbers and encrypted passcodes. It wasn’t the first. In 2021, too, AT&T experienced another data leak which it has been accused of never acknowledging.

UPDATE: Jul. 12, 2024, 12:43 p.m. EDT Updated with AT&T’s statement to Mashable.