ATT Customers’ Call Data Breached by Hackers
AT&T cellphone customers in 2022 were targeted by bad actors who breached call data, the company confirmed. AT&T disclosed that data from “nearly all” its cell subscribers and those of wireless providers using its network between May 1, 2022, and October 31, 2022, was compromised. Additionally, records of a “very small number” of customers from January 2, 2023, were also breached due to an “illegal download” on a third-party cloud platform. This breach was discovered in April when AT&T was already dealing with another major data leak.
AT&T, with approximately 110 million wireless subscribers by the end of 2022, reported that hackers did not access names, addresses, or Social Security numbers. Instead, they obtained metadata such as call logs, including numbers dialed or texted, call frequency, and duration. According to cybersecurity experts, this information could be used to identify relationships among phone numbers, aiding hackers in making scams more believable.
The exposed cell tower ID numbers of some customers could potentially help malicious actors track geolocations, increasing the credibility of their phishing attempts. Experts advise cellphone users, particularly AT&T customers, to remain vigilant against phishing scams and to verify any suspicious requests, such as calls to unfamiliar numbers, clicking links, or transferring money.
Without stronger cybersecurity regulations, customers may struggle to protect themselves against data breaches. This responsibility primarily falls on the federal government and major telecom companies. Experts believe that mandatory minimum cybersecurity measures should be enforced by these entities to safeguard consumer data.
CNN’s Matt Egan and Sean Lyngaas contributed to this report.
