What you need to know about AT&T data breach that affected ‘nearly all wireless customers’

Call and text logs were stolen by hackers during a 2022-2023 attack, the company revealed last week.

By Sean SaldanaJuly 18, 2024 2:22 pm,

If you’re an AT&T customer who sent a text or made a call in the middle of 2022, there’s a pretty good chance that you were affected by a massive data breach.

Recently, AT&T said that “nearly all” of its cell phone customers were affected by an attack that exposed call and text logs to hackers. The actual content of those calls and texts is said to be safe, and AT&T doesn’t believe the hacked data has been made public.

Tech expert Omar Gallaga joined the Standard with more on how this massive hack affects the company’s hundreds of millions of subscribers.

This transcript has been lightly edited for clarity.

Texas Standard: When did we first learn about this data breach? 

Omar Gallaga: We learned about this last Friday on July 12th. But, apparently AT&T has known about this for a little while longer. They filed an SEC filing that morning, but they’ve known about this since about April 19th of this year.

Why did it take AT&T so long to notify the rest of us? 

Yeah, a lot of times with these types of incidents, it’s that they’re working with law enforcement. And sometimes the law enforcement will say, you know, we need to investigate this or kind of find out what’s going on first before that’s revealed to the public.

And in this case, it could have affected the arrest. It could have affected, you know, the tracking down to the person that they ended up arresting.

So do we know how much this data breach will actually affect customers?

It’s hard to say because it doesn’t actually include the content of texts or any calls or messages. It’s just the logs of those calls and texts. But it seems like AT&T says it affected nearly all of its wireless customers, which is, you know, many, many millions of people. They’re planning to notify about 110 million customers about it.

And, it’s hard to say because we don’t know how that data will be used. We don’t know. The data can be sold. So it’s really tough to say what the actual effect of it will be.

But, you know, like all of these breaches that have affected AT&T – and this is like the second or third one we’ve heard about this year – it’s not good. It’s not great for anybody.

» GET MORE NEWS FROM AROUND THE STATE: Sign up for Texas Standard’s weekly newsletters

There might be people who are like, “enough of this. I am going to switch.” If you’re an AT&T customer, is that something that you should consider, considering what was leaked in this case? 

It could be. I mean, AT&T has had a particularly bad year. You know, they had one breach that affected about 73 million customers. That was back from a 2019 hack that we just learned about this year. They also were one of several wireless companies that was dinged by the FCC for selling customer location data.

But the thing is, you know, the kind of breaches that we’re seeing, they affect almost all tech companies. So, just because AT&T has been particularly unlucky this year doesn’t mean that your other big wireless companies – your Verizons, your T-Mobiles – aren’t also going to be affected by breaches. It just seems like AT&T in particular has gotten quite a bit of it in the last couple of years.

Well, so if this is just going to happen with wireless providers, I mean, as a customer on your end, are there any general security tips you should be aware of that you can kind of lock down your own end of it?

I mean, we always say things like, you know, have a tough password that you change regularly. Things like that. You know, don’t give out your passcode.

But these breaches are not things that you could have prevented by doing any of those things. These are things that are kind of at the wider level. And one one trend that I’ve seen lately with some of these breaches is that they’re not even breaches of the company themselves. It’s breaches of information or services that were outsourced to other companies, you know, third party vendors.

So, as a customer, it’s really hard to protect yourself from things like that that are completely out of your control and sometimes even out of the company’s control.

Well, something that is a little surprising to me: We don’t ever hear about arrests in connection with the hacking, but that’s actually what happened in this case. Do we know who was arrested and what they’re charged with yet?

No. As of right now, we don’t have any details on that, just that someone was arrested in connection with this and that there is an ongoing investigation.

AT&T says that it’s investigating the breach, you know, working with the FBI and the Department of Justice. But that’s about all we know about that so far.

If you found the reporting above valuable, please consider making a donation to support it here. Your gift helps pay for everything you find on texasstandard.org and KUT.org. Thanks for donating today.