If you are an AT&T cellular customer, you may want to check your account for potential data exposure. AT&T announced on Friday that a significant data breach has compromised the records of nearly all its cellular customers.
Who Is Affected?
The breach affects customers who used AT&T services between May 1, 2022, and October 31, 2022. Additionally, records from January 2, 2023, were also compromised, though this affects only a small number of customers. This information was gathered by hackers during these periods.
How To Check If Your Data Was Compromised
AT&T has provided a straightforward way for customers to check if their data was compromised. By logging into their accounts, customers can see if their information was affected. AT&T also offers a detailed report that explains the technical details of the breach in a more user-friendly format.
"When customers log in, they can see if their data was affected. They can also request a report that provides a more user-friendly version of technical information that was compromised," an AT&T spokesperson told CBS MoneyWatch.
AT&T will alert impacted customers through text, email, or U.S. mail. Despite the large scale of the breach, the company has decided not to provide identity theft protection at this time. For more details, customers can visit att.com/DataIncident.
What Data Was Compromised?
The breached data includes records of calls and texts for AT&T customers. However, it does not include the content of these calls and texts. Personal information such as Social Security numbers, birth dates, or other identifiable details were also not compromised.
Why The Delay In Alerting Customers?
According to U.S. securities regulations, companies must disclose data breaches within 30 days of discovering a security problem. AT&T stated it learned about the breach in April but delayed informing customers. The delay was due to ongoing work with the Department of Justice and the FBI. These agencies determined that disclosing the breach earlier could have posed security risks.
"The breach is considered a national security concern because these call logs reveal social and/or professional networks of people," said Patrick Schaumont, professor in the Department of Electrical & Computer Engineering at Worcester Polytechnic Institute, in an email.
Schaumont further explained the potential risks: "If person A has a role relevant to national security, then person A's social network is a liability. So, person A's call log must be kept secret. That's why the Department of Justice prevented AT&T from disclosing the breach until now."
Investigation And Response
While the identity of the hacker or hackers remains undisclosed, AT&T confirmed that one person has been apprehended in connection with the breach. The company continues to cooperate with federal authorities to fully address the situation and prevent future incidents.
More information can be found at att.com/DataIncident.
