AT&T confirms massive data breach affecting over 100m customers
In a concerning development for millions of Americans, AT&T, the telecommunications giant, confirmed a major data breach on Friday last week that exposed information for "nearly all" of its customers. This translates to over 100 million individuals potentially impacted.
The company confirmed that hackers accessed an internal workspace on a third-party cloud platform and stole call and text log data for a period spanning May 1, 2022, to October 31, 2022, with a limited number of records from January 2, 2023, also compromised.
According to the telecommunications company, the breach did not expose the content of calls or texts, nor did it access personal information like Social Security numbers, birth dates, or other identifying details.
However, the stolen data includes phone numbers of those who interacted with AT&T or MVNO (mobile virtual network operator) customers using AT&T's network. This includes phone numbers of AT&T landline customers and subscribers of other carriers. Additionally, the data includes the number of interactions (calls or texts) and total call duration for specific periods. Cell site location data was also compromised for a limited number of records
In its report, AT&T noted that it launched an investigation upon discovering the breach in April 2024 and engaged cybersecurity experts. They have also taken steps to secure the compromised access point and are notifying affected customers.
The delay in public disclosure was made with the approval of the U.S. Department of Justice. AT&T is cooperating with law enforcement, and reports suggest at least one individual has been apprehended. The company assures customers that, as of now, the stolen data is not believed to be publicly available.
While the financial impact of the breach remains unclear, AT&T asserts that its day-to-day operations are unaffected. Still, security experts warn that even call log data, when combined with publicly available information, can be exploited for social engineering attacks and targeted scams.
AT&T recommends its customers stay vigilant and be cautious of unsolicited calls, texts, or emails, especially those requesting personal information.
Σχόλια