AT&T says an attack leaked data for ‘nearly all’ its customers

A major security breach recently exposed call and text records for “nearly all” AT&T customers, the carrier acknowledged via a statement on Friday. It explains that in April, the data was “illegally downloaded from our workspace on a third-party cloud platform,” and included not just direct customers, but people signed up to MVNOs (mobile virtual network operators) like Cricket Wireless, Boost Mobile, and Consumer Cellular. Even AT&T landline users who interacted with those cellular numbers have been impacted.

The leaked records mostly span between May and October of 2022, with a “very small” group of customers having had records exposed for January 2, 2023. The content of the calls and texts is safe, but the data does reveal which phone numbers interacted with others, as well as any cell site identification numbers involved. In theory, someone dedicated enough could piece this together with outside information to reveal who was talking to who and when.

AT&T says that “at least” one person has been arrested over the incident, and that it’s not only working with police but pursuing its own investigation — helped by security experts — to get a full picture of the situation. The company adds that it has “taken steps to close off the illegal access point.”

A carrier spokesperson tells The Verge that the cloud platform involved was Snowflake. Separately, TechCrunch was told that AT&T, the FBI, and the US Department of Justice all agreed to delay notifying the public, on the basis of “potential risks to national security and/or public safety.” That could suggest foreign involvement, although purely criminal activity could also be considered a national security threat.

What can I do about protecting my phone data?

AT&T says that the records don’t appear to be publicly available, and that it’s notifying current and former customers about the incident, providing “resources” to help secure info. Beyond that, there may not be much people can do other than change their phone number and/or switch carriers.

The breach is actually AT&T’s second reported incident in a matter of months. Back in March 2024, the carrier revealed a leak affecting 7.6 million active customers and 65 million former customers. That one was far more serious, since the data involved things like names, email addresses, account numbers, and even Social Security numbers. The exposed data was from 2019 or earlier, but of course most people don’t change their email or Social Security info once it’s first set.