On March 9, 2023, telecommunications giant AT&T disclosed a significant data breach affecting nearly every customer on its cellular network. The company reported that hackers gained unauthorized access to call logs stored on a third-party cloud platform, compromising sensitive metadata.
The breach, which AT&T discovered through an internal investigation, revealed that call and text message records from May 1 to October 31, 2022, and January 2, 2023, were accessed. Although the content of the calls and messages remained secure, the exposed data included phone numbers and other call metadata, which can be used to infer patterns and connections between individuals.
John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, described the incident as a “megabreach,” emphasizing the national security risks and privacy concerns associated with such a large-scale exposure of metadata. This type of information, while not directly revealing the content of communications, can still be highly sensitive when analyzed collectively.
AT&T’s wireless network, which connects 127 million devices, was impacted by this breach. The company assured customers that personal information such as names, credit card details, and Social Security numbers were not compromised. However, the breach’s scale means that even without direct personal information, the potential for misuse is significant.
AT&T has taken steps to address the breach, including enhancing cybersecurity measures and closing the access point used by the hackers. The company is notifying affected customers and cooperating with law enforcement to apprehend those responsible. At least one individual has already been arrested in connection with the hack.
The U.S. Justice Department mandated that AT&T publicly disclose the breach details on specific dates, and the company complied by making announcements on May 8 and June 5, 2023. AT&T stated that the breach would not affect its operations or financial results, emphasizing that the exposed data is not believed to be publicly available as of the disclosure date.
This breach highlights the ongoing vulnerabilities in third-party cloud platforms and the critical need for robust cybersecurity practices to protect sensitive customer data. Customers affected by the breach are advised to be vigilant and monitor their accounts for any unusual activity.