Approximately eleven million subscribers were affected by the breach.
AT&T suffered a data breach affecting nearly all of its customers' call and text records between May 1, 2022, and October 31, 2022.
The compromised data does not contain the contents of calls or texts nor their time or date, but it could be used to infer sensitive details about individuals' lives and potentially locate them.
The stolen data includes call and text records of customers interacting with other wireless networks.
In a significant data breach, hackers gained unlawful access to call and text records of nearly all AT&T customers between May 1, 2022 and October 31, 2022. The stolen data includes records of calls and texts made between these customers and other wireless networks. Approximately eleven million wireless subscribers were affected by this breach.
The compromised data does not contain the contents of the calls or texts nor their time or date. However, cybercriminals may use this information to infer sensitive details about individuals' lives and potentially locate them based on call durations and cell site identification numbers.
AT&T launched an investigation after discovering the breach on April 19, 2024. The company has engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. One person has been arrested in connection to the incident, and AT&T is continuing to work with law enforcement agencies such as the Federal Communications Commission (FCC), FBI, and US Department of Justice to apprehend others involved.
This breach marks another setback for AT&T following a data breach in March 2024 that exposed 73 million current and former accounts on the dark web. The company also experienced back-to-back service issues, including a broad network outage in February and another incident in June.
To protect your privacy, consider using encrypted chat apps like Signal or WhatsApp to communicate sensitive information. Additionally, be cautious when sharing personal details online and avoid clicking on suspicious links or downloading unverified attachments.
AT&T revealed a massive data breach in which call and text message records from May 1, 2022 to October 31, 2022 were exposed.
Stolen logs contain a record of every number AT&T customers called or texted, including numbers from other wireless networks.
Approximately 110 million wireless subscribers were affected by the breach.
Accuracy
Approximately May 1 and Oct. 31, 2022, and on Jan. 2, 2023 were affected.
Hackers stole six months worth of call and text message records.
The data contains records of calls and texts between approximately May 1 and Oct. 31, 2022.
Deception
(100%)
None Found At Time Of
Publication
Fallacies
(85%)
The authors use the term 'nearly all' AT&T cellphone customers and 'many non-AT&T customers' which is a Dichotomous Depiction. They also use the phrase 'very small number' of customers from January 2, 2023, which is an imprecise statement that could be considered an Appeal to Authority if taken out of context.
][The stolen logs also contain a record of every number AT&T customers called or texted -- including customers of other wireless networks -- the number of times they interacted, and the call duration.][
[Importantly, AT&T said the stolen data did not include the contents of calls and text messages nor the time of those communications.]
AT&T announced a data breach affecting nearly all of its customers, around 110 million people
Stolen data includes phone numbers called and texted, call durations, and cell site identification numbers for a six-month period from May 1, 2022 to October 31, 2022
Data does not include content of calls or texts nor their time or date
Cybercriminals may use stolen data to infer sensitive information about customers’ lives and potentially locate them
Incident blamed on a recent breach at cloud service provider Snowflake affecting multiple companies including AT&T
UNC5537 identified as responsible cybercriminal group by Mandiant, the firm hired to investigate Snowflake breach
Accuracy
No Contradictions at Time
Of
Publication
Deception
(30%)
The article contains editorializing and sensationalism. The author quotes Rachel Tobac and Runa Sandvik making assertions about the potential harm of the stolen metadata, implying that it could reveal sensitive information about individuals' lives. However, there is no clear evidence provided in the article that this is a certainty, only speculation.
Call data records provide a wealth of value for intelligence analysts.
This can reveal where someone lives, works, spends their free time, who they communicate with in secret including affairs, any crime based communication, or typical private/sensitive conversations that require secrecy.
Fallacies
(75%)
The article by Lorenzo Franceschi-Bicchierai on TechCrunch discusses the AT&T phone records data breach and its implications. The author provides a clear and informative overview of the breach, its extent, and potential risks for affected customers. However, there are a few instances of logical fallacies present in the article.
For some of the affected customers, the cybercriminals were also able to steal cell site identification numbers linked to phone calls and text messages, according to AT&T. This means that — potentially — someone could use this information to figure out the approximate location of a customer when they made a certain call or sent a text, and perhaps infer sensitive information about their lives.
Bias
(95%)
The author expresses concern for the potential harm that can come from the stolen metadata, specifically mentioning how it could be used to infer sensitive information about individuals' lives and potentially locate them. The author also quotes experts who share similar concerns and provide examples of how this data could be used maliciously.
Call data records provide a wealth of value for intelligence analysts.
This can reveal where someone lives, works, spends their free time, who they communicate with in secret including affairs, any crime based communication, or typical private/sensitive conversations that require secrecy.
A hacker gained unlawful access to a third-party cloud platform where AT&T data was stored and exfiltrated files containing call and text records of nearly all AT&T customers from May 1, 2022 to Oct. 31, 2022. A very small number of customers’ data was also compromised on Jan. 2, 2023.
One person has been arrested in connection to the incident and AT&T is continuing to work with law enforcement to arrest others involved.
Accuracy
The stolen data includes records of interactions between AT&T or MVNO wireless numbers and other telephone numbers, as well as call duration counts but does not contain what was said on the calls or in messages or any personal information such as Social Security numbers or dates of birth.
AT&T learned from an internal investigation that hackers unlawfully accessed and copied call logs saved on a third-party cloud platform.
The data contains records of calls and texts between approximately May 1 and Oct. 31, 2022, and on Jan. 2, 2023.
AT&T revealed a massive data breach in which call and text message records from May 1, 2022 to October 31, 2024 were exposed.
