AT&T confirms hackers stole nearly all customer records

FBI investigating massive hack affecting 73 million customers


Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.


The FBI is investigating the massive hack that affected 73 million AT&T customers. Approximately six months' worth of phone call and text records were stolen, covering May 1 to October 31, 2022, and January 2, 2023.

AT&T confirms records data for 73 million customers stolen and available on hacker forums

AT&T has confirmed that approximately six months’ worth of phone call and text message records for nearly all of its 73 million customers have been stolen. While AT&T has stated that the data doesn’t include actual phone or text content (i.e., transcriptions), it can potentially reveal sensitive information about millions of its customers in the United States.

The theft adds AT&T to the ever-increasing list of affected customers using the Snowflake data platform, which was breached in April 2024.

AT&T paid a hacker $370,000 to delete the data

One of the hackers responsible for the breach confirmed to Wired that AT&T had paid him $370,000 to delete data related to the breach and provide video proof of deletion.

The hacker was paid 5.7 bitcoin on May 17, 2024, worth $373,646 at the time of the transaction. Wired and TRM Labs, a global cryptocurrency investigation firm, independently verified the exchange.

An investigation by BleepingComputer found that the data includes “names, addresses, mobile phone numbers, encrypted date of birth, encrypted social security numbers, and other internal information.”

However, the hackers have decrypted the birth dates and social security numbers and added them to another file in the leak, making those also accessible.

After initially denying the data was stolen from its systems, AT&T stated in an SEC filing that it learned from an internal investigation in April 2024 that “hackers unlawfully accessed and copied AT&T call logs” saved on a third-party cloud platform.

The U.S. Department of Justice and the Federal Bureau of Investigation are aiding AT&T in investigating the hack. U.S. Senators are also calling for an investigation after pressing the heads of AT&T and Snowflake in a new letter addressed to AT&T Chief Executive Officer John Stankey.

Why the stolen AT&T customer data matters

Analyzing numbers within the breach could be valuable for malicious actors trying to understand patterns or “networks” of communication between people.

This metadata—or data used to describe other forms of data—is what intelligence agencies or law enforcement globally analyze when conducting research or investigations on suspects, for example.

Publicly available tools could also help malicious actors associate phone numbers with customer names.

What AT&T customers should do after the hack

A large dataset of 73 million Americans could prove very valuable for understanding patterns of behavior, personal networks, and perhaps even what businesses or organizations they support.

If you were an AT&T customer during the affected timeline, or still are one, we highly recommend you take the following precautionary measures:

  • Enroll in a credit and identity monitoring service. Most major credit card providers now provide free identity monitoring, or at least credit monitoring. Check first to see whether your credit card provider does, and enroll today. If you were affected by a different breach, you may also be entitled to free monitoring.

    If none of this applies to you, start a new enrollment with a service such as TransUnion, Equifax, or Experian. Many offer free monitoring levels with advanced notifications and protections under a paid membership.

  • Change your phone number–or obtain a secondary one. Yes, we realize it’s inconvenient to change your phone number. Phone numbers are tied to so much of our everyday lives, whether it’s utilities, banks, or social networks. But that’s precisely why it’s so valuable in the hands of the wrong person. Your number is already compromised, and you’d be better off obtaining a new number. Just make sure you do some Googling on any new proposed number your mobile provider offers to see what the new number is associated with–or who.

    You can also obtain a secondary number (e.g., Google Voice) and associate this new number with whatever you want, whether it’s your social circle or utilities, subscriptions, etc.


Today’s Cyber Wall of Shame

It's not a good time to be an executive at AT&T.

Until next time…

Rob Waters
Founder
The Breach Report + Cybersecurity Careers Blog

