If You Have AT&T This Massive Data Leak Is A Privacy Nightmare: Here's What To Do Next

In what can be dubbed as one of the biggest security breaches of its kind in recent years, AT&T has announced today that data of "nearly all" its cellular customers was stolen by hackers. The first phase of the attack lasted between May and October of 2022, while the second phase was executed in January last year. Hackers downloaded workspace data from a third-party platform, but the entry point has since been secured after AT&T was informed about the incident.

The dataset stolen by the bad actors, of which one suspect has been apprehended, includes "records of calls and texts" of AT&T cellular customers, users that have service with networks that use AT&T's networks, the carrier's landline customers, and cell site ID numbers, as well. The stolen data also contained more granular details, such as the number of times a call was made and the duration of calls.

Thankfully, the leaked information does not contain more private details such as the contents of the calls or other personally identifiable details such as date of birth, social security numbers, and banking information. This, however, isn't the first such incident of its kind for AT&T. Earlier this year, the company revealed that customer records, which included encrypted passwords, belonging to over seven million current customers as well as more than 65 million former clients, were dumped online. The carrier subsequently reset the passcodes for millions of customers as a safety measure.

If your AT&T line was hit by the latest cybersecurity incident, which seems quite likely by the language in the press release, AT&T will reach out to you via text, email, or local mail. For regular customers, the carrier suggests that they check their AT&T account dashboard. The company assures that the stolen data is not publicly online, but from whatever details were siphoned, it's not too difficult to piece together more details from what is already available in the online public domain.

Moving forward, AT&T has asked customers to do their own threat detection. If you receive any suspicious call or text asking for details like banking information, simply forward it to the carrier's 7726 helpline, which sends it over to the AT&T ActiveArmor security team. Additionally, tap on the "Report Junk" option below any such messages. Swiping left on the message bubble also does the job of reporting and deleting such texts. You can find more details about the process in this reporting guide. 

The company also has a dedicated desk where you can report incidents of fraud, identity theft, and suspicious account activity. In case you want to access the details of your call and text data that was stolen by hackers, head over to AT&T's website for wireless and home connections, or submit a formal data request. If you are a former customer and had an AT&T service active between May and November 2022, you can still submit a data request.