Massive Data Breach at AT&T Exposed Six Months of Call and SMS Records of Nearly All Customers

Matt Egan and Sean Lyngaas, reporting for CNN:

The call and text message records from mid-to-late 2022 of tens of millions of AT&T cellphone customers and many non-AT&T customers were exposed in a massive data breach, the telecom company revealed Friday. AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022.

The stolen logs also contain a record of every number AT&T customers called or texted — including customers of other wireless networks — the number of times they interacted, and the call duration.

Importantly, AT&T said the stolen data did not include the contents of calls and text messages nor the time of those communications.

Of course the breach didn’t contain the content of (most) phone calls and (most) text messages, because carriers don’t record phone calls and, thankfully, don’t log the contents of text messages. This isn’t an important distinction at all. This is a devastating breach.

(I added those “mosts” because the carriers facilitate the recording/logging of some calls and text messages at the behest of law enforcement agencies. Which is exactly why we should all be moving as much of our communications as possible to E2EE platforms.)

Friday, 12 July 2024