AT&T data breach: What's next for affected customers?

Who was affected by the AT&T data breach?

Almost everyone with AT&T mobile service -- nearly 110 million customers -- has been affected by this breach.

AT&T said it would notify affected customers by mail, text or email. However, customers with AT&T mobile service between May 1, 2022, and Oct. 31, 2022, along with a select few accounts active on Jan. 2, 2023, should consider their records stolen.

Other users may also be at risk. AT&T said that information from mobile virtual network operators, which are companies that use AT&T's infrastructure, was also exposed in this attack. Although AT&T hasn't named the exact companies, examples of these types of operators include Boost Mobile and Cricket Wireless.

What can hackers do with the stolen AT&T phone and text records?

The attackers do not have the content of the calls or texts but do have the estimated locations. The phone company logs the nearest cellular tower each time a device connects to a mobile network, which gives a map and timeline of a person's cellphone use.

Even though the compromised data does not include the names associated with the phone numbers, online tools exist to find this information and trace users to specific numbers. Attackers can piece together events from these records to uncover who calls who, which could affect people's private connections. The same can be said by matching personal phone calls to business numbers, exposing an individual's private information and uncovering a company's customers.

With information such as frequent phone numbers called, attackers can impersonate a manager, bank, doctor's office or family member and request money. Stolen phone records could also be used for blackmail for people having affairs, enable abusers or stalkers to find former partners, or help criminals find the homes of victims or prosecutors.

Location data from cellphones is considered sensitive information. The Supreme Court requires extra legal protections for this information, and police must have a warrant to gather historical cellphone location data from wireless providers.

Perhaps the largest issue lies beyond personal usage of cell data. Foreign intelligence agencies could use location details to spy on U.S. government activities and specific targets by tracking their movements.

How has AT&T responded?

AT&T identified the data was stolen and stored on the Snowflake-hosted cloud workspace. AT&T said it did not affect its network. AT&T's statement on July 12, 2024, said the investigation is ongoing, and it has enlisted cybersecurity experts to understand the magnitude and scope of this breach. It has also closed the unlawful access point. At least one person has been apprehended, according to AT&T.

AT&T has a dedicated site for customers to answer questions and review updates to this breach. The telecommunications company is now also facing a class action lawsuit for this breach.

Can customers do anything to protect their data further?

There are some steps customers can take to protect themselves from further scams, such as attempts to steal credit card information:

• Be extra vigilant. If phone calls or texts appear from a family member, bank or place of employment, do not respond with sensitive or private information, such as passwords, money or photos. Even if the text seems to be a desperate plea for money from a family member, always contact the person directly. Never respond to a call or text from an unknown sender -- it could be a form of phishing using text messages to steal personal information.
• Report any fraud. AT&T said to report any fraud calls on wireless numbers to its fraud team by visiting attfraud.custhelp.com.
• Don't trust caller ID entirely. Caller ID can be easily spoofed. Always call a business or person directly using a trusted phone number.
• Do not have ID confirmation codes sent via text. To confirm an identity when logging in to a bank account, social media account or other online account, the site may want the user to verify identity by sending a confirmation code. Consider using an app to generate single-use codes, such as Authy or Google Authenticator, instead of text message codes or send confirmation codes to email. Criminals can intercept calls or texts.
• Keep information updated. Be sure all contact information at banks and credit card companies is updated so companies can alert account holders of fraudulent activities immediately.
• Do not click on links. Never click on a link in a text message or email. Be cautious of any links, no matter how authentic they appear -- go to the trusted website through a browser. Check that the site is secure by looking for a closed padlock in the web browser address bar and "https" in the address, as opposed to "http."
• Secure online accounts. Use strong passwords, and update any weak or recycled passwords for online accounts. To help remember various passwords, consider a password manager. Enable two-factor authentication whenever possible.
• Monitor finances. Be sure to check bank and credit card statements for fraudulent transactions. Respond to messages or calls asking to confirm fraudulent transactions, but also beware of scammers using these messages for spoofing. Always contact the bank or credit card fraud department directly to verify.
• Use encrypted messaging apps. Consider encrypted messaging apps, such as WhatsApp or Signal, for sensitive or private messages. These apps secure activity with end-to-end encryption to prevent access even from wireless providers. The receiver and sender both need to use these apps for the encryption to work on a message.

Learn more about the differences between hacking and spoofing.

Amanda Hetler is senior editor and writer for WhatIs, where she writes technology explainer articles and works with freelancers.