Summary
- A new SEC filing indicates that AT&T has suffered a data breach, and the carrier is pointing fingers at a third-party cloud platform.
- Hackers stole AT&T customers’ call records, including those of MVNOs, but no personal information was breached.
- AT&T’s breach impacts potentially millions. Customers should stay vigilant & protect against SIM-Swap attacks.
2024 hasn’t been faring so well for carrier security. T-Mobile suffered a data breach in June 2024, where the threat actors ran off with its source code, t-mobile.com certifications, and other sensitive information. The carrier straight out denied the breach of its systems, pointing its finger at an unnamed third-party vendor.
AT&T did something similar after a data breach that it suffered back in 2021, claiming that the hacker did not access sensitive information from its systems while pointing fingers at third parties, before coming to grips with it and acknowledging the breach earlier this year. At the time, everything from AT&T customers’ social security numbers to email addresses might have made its way onto the dark web, and now, it appears to be happening again.
As revealed after a recent internal AT&T investigation and shared by the carrier in a new SEC filing, millions of its customers’ call and text records were reportedly stolen by hackers, with the carrier again pointing its finger at a third-party cloud platform that the hackers were able to “unlawfully access” (via NBC News). According to the carrier, the threat actors acted between April 14 and April 25, stealing six months’ worth of call and text records covering May 1 to October 31, 2022, as well as January 2, 2023. Additionally, the breach included call and text records of all of AT&T’s MVNOs, which include Black Wireless, Cricket, H2O Wireless, Jolt Mobile, and many more.
AT&T says that the content of the records was not compromised, and no personal customer information could be breached, except phone numbers. “The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” wrote AT&T. However, in addition to the AT&T customers’ phone numbers, the records also give threat actors access to the phone numbers of people that the compromised customers interacted with, the frequency of interactions, and an “aggregate call duration for a day or month.” AT&T also acknowledges that while no customer names were leaked as part of the breach, the threat actors can link names to phone numbers “using publicly available online tools.”
Notifications are going out, and there’ll likely be a lot
Source: Statista
In 2022, AT&T serviced anywhere between 200 million and 217 million wireless subscribers and connections, with a roughly 30 percent market share, potentially making this one of the biggest carrier breaches of all time. The carrier is currently notifying those impacted, and has reportedly made one arrest in connection with the breach. It has also taken measures to seal off the threat actors’ entry points.
If you are a customer whose information has potentially been leaked, here are some steps you can take to ensure your digital safety. As cliché as it may sound, be vigilant against suspicious SMS messages, and change passwords for any accounts where you might have used the same password as your AT&T account. At the moment, there is no indication of customer credentials being breached, but it is better to be safe than sorry. It would also be prudent to enable 2FA on all your accounts, not just sensitive ones, using a method other than text message authentication.
Elsewhere, you can lock your SIM card behind a passcode that you must enter every time you restart your device, or lock your phone number directly via your service provider to prevent SIM Swap attacks.


