Last updated
AT&T has just disclosed another old data breach, with this one exposing nearly every customer’s phone call and text message records for a date range spanning six months in 2022.
The company made the disclosure on Friday morning. The company is specific about what got stolen, and believes that the data lifted is not yet publicly available.
Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.
The breach goes further than just AT&T customers. The data set also includes any number that an AT&T customer interacted with, including landline customers. Also included are total call durations, and counts of calls or texts to any given number.
AT&T says that the data doesn’t include contents of calls or texts, or relevant time stamps. Other personally identifiable information like social security numbers or dates of birth are not included in the breach either.
At this time, it doesn’t appear that AT&T is offering anything else to those impacted other than platitudes — but it does say in the disclosure filing that there is a way to see what phone numbers were exposed. It has confirmed that the access point where the data was stolen has been secured.
Around 110 million customers, past and present, are impacted by the breach. The company says that it learned about the breach on April 19. It’s not clear why it took the company three months to reveal.
Like with TicketMaster, the data theft is related to cloud analytics platform Snowflake. As with the rest of the breaches associated with Snowflake, the analytics firm says that it is not responsible, and instead the customers that don’t use multi-factor authentication are to blame.
Snowflake does not mandate multi-factor authentication.
This breach is unrelated to an earlier one, that the company disclosed in March 2024. In that one, the company reset passcodes for 7.6 million customers, three years after the breach happened.
The breach that the company reported then was denied for three years, after being reported on hacker forums in 2021.
