AT&T Discovers Data Breach Impacting Customers
AT&T, one of the largest telecommunications companies in the United States, recently announced a data breach that occurred in April. The breach involved an unauthorized download of data from a third-party cloud platform and affects nearly all of AT&T’s customers. The company conducted an investigation and sought the assistance of cybersecurity experts to assess the scope and nature of the breach.
Ensuring Data Protection: AT&T’s Top Priority
AT&T is committed to prioritizing data protection for its customers. The company has taken measures to secure the data access point that was used to obtain the information. Additionally, AT&T is collaborating with law enforcement agencies, leading to at least one arrest related to the breach. In an effort to address customer concerns, AT&T has set up a website to provide answers to questions regarding the leak. The company emphasizes its dedication to constantly evaluating and enhancing security measures to address evolving cybersecurity threats and create a secure environment for customers.
Scope of the Breach and Affected Data
The breach compromised records of calls and texts for nearly all AT&T cellular customers, as well as customers of mobile virtual network operators (MVNOs) that utilize AT&T’s wireless network. Additionally, AT&T landline customers who interacted with these cellular numbers may have also been affected. The period affected by the breach spans from May 1, 2022, to October 31, 2022. Furthermore, a small number of customers had additional records leaked from January 2, 2023. The compromised data includes telephone numbers involved in interactions and, in some instances, cell site identification numbers.
No Personal Identifiable Information Accessed
AT&T reassures customers that the compromised data does not contain personal information such as Social Security numbers, dates of birth, or other personally identifiable information. While the data does not include customer names, there are potential ways to identify individuals associated with specific telephone numbers using publicly available online tools. AT&T emphasizes that the compromised data is not believed to be publicly available.
Notification and Protection for Affected Customers
AT&T plans to notify both current and former customers who were impacted by the breach. The company will provide resources to help protect their information. AT&T acknowledges the incident and expresses regret that it occurred. Their commitment to protecting customer information remains unwavering.
Previous Breach and Measures Taken
This recent data breach is not the first time AT&T has faced such a challenge. In late March, the company disclosed another significant breach involving the leak of information from approximately 73 million current and former account holders. The leaked data, which surfaced on the dark web in mid-March, includes details of 7.6 million current and 65.4 million former customers, likely from 2019 or earlier. The compromised information may include passcodes, full names, email addresses, home addresses, phone numbers, dates of birth, and Social Security numbers.
AT&T promptly responded to the previous breach by resetting passcodes for affected current account holders. They also offered identity theft and credit monitoring services to customers whose sensitive personal information was compromised. The company reassured customers that there was no evidence of unauthorized access to their systems and that personal financial information or call history was not exposed.
Ongoing Investigations and Uncertain Origins
AT&T is currently working with external cybersecurity experts to investigate the latest breach. The origin of the leaked data remains uncertain, and it is unclear whether it is connected to a claim made by the hacker group ShinyHunters in 2021. This group had previously alleged that they obtained data impacting 71 million AT&T customers. Despite these breaches, AT&T assured the public that there has been no significant impact on its operations.
In conclusion, AT&T’s commitment to data protection and customer security is evident in its response to the recent breach. By promptly launching investigations, collaborating with cybersecurity experts, and working with law enforcement agencies, AT&T aims to mitigate the impact on its customers. The company’s dedication to enhancing security measures and prioritizing customer data remains steadfast, despite the challenges posed by cyber threats.
