Hackers Access Call and Text Records for Nearly All AT&T Cellular Customers
There was another serious breach of AT&T records that was reported in March, which may have involved access to customer social security numbers.
Communications giant AT&T made a disturbing admission this week, indicating that hackers had accessed records of calls and texts of “nearly all” its cellular customers for the period between May 1, 2022 to Oct. 31, 2022.
In its statement, AT&T said the compromised data doesn’t include the content of the calls or texts, or personal information such as Social Security numbers, birth dates or other personally identifiable information.
The hack also includes records from Jan. 2, 2023 for a “very small number of customers,” AT&T said.
The telecom giant said that it learned about the illegal download in April, and that it is working with law enforcement, noting that “at least one person has been apprehended.” While the files don’t include call or text content, AT&T said the data identifies telephone numbers that an AT&T number interacted with during the periods.
“At this time, we do not believe that the data is publicly available,” AT&T said in the statement.
AT&T reportedly has nearly 90 million cellphone subscribers. This particular breach was discovered in April of this year, after someone claimed to have accessed customer data. The company reports that one alleged hacker involved has been apprehended.
The hacker stole AT&T records accessed through an outside company’s cloud platform. The data didn’t include the content of calls or texts, nor did it have personal information like birth dates and Social Security numbers.
The stolen data showed the telephone numbers a customer contacted between approximately May and October 2022 and on Jan. 2, 2023, according to AT&T. The records also showed how many times those numbers were contacted and the total duration of calls over time. A subset of the data included details about cellular sites that could be used to determine users’ locations.
AT&T said it doesn’t believe the data was leaked to the public.
AT&T hasn’t said who the hacker was or how many people may have been involved. The cellphone carrier said at least one person connected to the hack was apprehended and it was working with law enforcement to arrest those involved.
There was another serious breach of AT&T records that was reported in March, which may have involved access to customer social security numbers.
In March, in a separate incident, AT&T said it had reset the passcodes of 7.6 million customers after it determined that a breach had affected roughly 70 million past or present customers. At the time, it said that compromised customer data that may have included Social Security numbers and the full names of customers was “released on the dark web.”
Beyond telecommunications, recent cyberattacks have crippled operations or have led to the release of troves of data belonging to hospital patients, Ticketmaster customers and others. In some cases, the primary goal of the attacks has not always been to steal data, but to disrupt services to such an extent that providers were more likely to pay ransoms. That seemed to be the goal in a cyberattack in June against a provider of critical software and data services used in auto retailing that slowed sales and the filing of paperwork at thousands of auto dealers across the United States and Canada.
John Dwyer, director of security research at Binary Defense, a cybersecurity solutions firm offered this advice via CNN Business:
…AT&T customers should be hypersensitive to phone calls and text messages where they’re being asked to do things like call a number, click a link or transfer money. That includes requests from what appears to be a number that you normally communicate with, Dwyer said.
“If someone calls or texts you and asks you to do something, make sure you call them back to verify that it’s actually them,” Dwyer said.
Of course, without stricter cybersecurity regulation, there isn’t much customers can do to protect against data breaches. That responsibility lies with the federal government and giant telecom companies, which experts say widely go unchecked.
It would be nice if the security agencies in the federal government weren’t so busy focusing on transgender rights or spying on Catholics and Pro-Life groups.
To say the AT&T customer base is unhappy is an understatement.
@ATT This is the second “hack” in less than 2 years where my data has been compromised and you failed to protect it
What are you going to do for me now?
Or should I just go to a different carrier and leave you behind in the dirt?— Laughing Infantry NCO (@MarneLandNCO) July 12, 2024
Donations tax deductible
to the full extent allowed by law.
Comments
Maybe putting massive amounts of data in the cloud and doing minimal amount to protect isn’t such a good idea.
But hey why worry about basic engineering and security – when there are still so many opportunities to rollout new DEI initiatives.
must have been dei cloud security
Again?!?
Voting machines are secure, though. Government workers ensure it.
How dare you question our election security! We have now had a couple of the most secure elections in history and are about to have one even more secure.
No machine can be trusted to do even what it’s programmed to do. Details in Ken Thompson’s Turing Lecture “On Trusting Trust.” Even checking the source code won’t help you.
All it takes is enough motivation, say losing an election.
This is why we must unlock the untapped power of the human mind and communicate through mental telepathy.
Replacing Biden with Marianne Williamson makes sense in this context. Please comment on astral plane.
Several years ago I stopped using AT&T for my landline and ISP. I found much cheaper alternatives. I kept my AT&T e-mail. A year ago I could no longer access my AT&T email. Someone had hacked it, and changed the password.
After extended communication with AT&T, AT&T cut off all access to my e-mail, but wouldn’t allow me to change my password.
If AT&T loses cellular customers over this recent data breach, my reaction is schaudenfreude.
att.net emails were taken over by yahoo with the name currently.com as I recall. You might be able to poke them.
I wonder if this hack also affected AT&T subsidiaries. Reason I’m wondering is that I’ve got Cricket as my cell phone provider and they’re a subsidiary of AT&T. Perhaps a phone call to Customer Support is in order. That is, if I ever get to a human being and not some dumb AI trying to fake it.
Consumer Cellular and they use ATT network so I have the same question as you
“That includes requests from what appears to be a number that you normally communicate with, Dwyer said.”
As a 1960s phone phreaker, I will aver that if the telcos really WANTED it to be impossible for hackers to misrepresent the phone number they were calling from, that ability would disappear overnight.
Probably the FBI did it. It’s a much easier way to get a searchable database of calls without a warrant.
As a former AT&T employee I”d like to point out that it’s really Pacific Bell, an entirely different company, not AT&T. Pacific Bell bought the name.