AT&T announces significant data breach
As required by agency rules, AT&T on July 12 informed the Securities and Exchange Commission (SEC) the company had a breach "of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network," in an 8-K reporting form signed by Stacey Maris, the company's senior vice president, secretary and chief privacy officer.
Information provided by AT&T explains that data in the form of call logs stored on a third-party cloud platform was "unlawfully accessed," copied and exfiltrated between April 14 and April 25. The information contained "records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023..." According to the filing, the breach was discovered April 19, 2024.
The company pointed out that, while the data included telephone numbers of AT&T wireless customers and mobile virtual wireless customers using its network, it did not include "content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information."
The information did show the wireless telephone numbers "with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers ..."
To assist the investigation, the U.S. Department of Justice authorized the delay in reporting the breach. The filing states, "AT&T is working with law enforcement in its efforts to arrest those involved in the incident. Based on information available to AT&T, it understands that at least one person has been apprehended. As of the date of this filing, AT&T does not believe that the data is publicly available."
The company said it has taken steps to close the access point for the breach and current and former customers who are affected will be notified. It cautioned that, "While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number."
Whether you are an AT&T wireless customer or your cell service comes from a different provider, this breach is an opportunity to remind users to make sure you have enabled all of your phone's security measures. And be careful about phishing emails and phone calls which may try to obtain more specific information like passwords for your accounts.
In addition, consider taking some simple steps to prevent a thief from using your information.
One of the best identity theft prevention tools is the security freeze available for free at the three credit bureaus: Experian, Equifax and Transunion.
The freeze gives consumers the choice to “freeze” or lock access to their credit file against anyone trying to open up a new account or to get new credit in their name.
Placing a security freeze on your credit report prevents the information from being given to a potential creditor. With a security freeze in place, the only way a creditor can see your information is if you approve the release by giving the credit bureau a specific code.
Contact information for all three credit bureaus is shown below.
Equifax 1-888-298-0045
Experian 1-888-397-3742
Transunion 1-888-909-8872
Jane Carpenter is a member of the FBI InfraGard organization, has trained law enforcement in identity theft and data breach response and has helped create laws that assist victims of the crimes.