What to Know About the Latest AT&T Data Breach

AT&T said Friday that records of calls and text messages of nearly all AT&T customers were exposed in a data breach. The announcement comes on the heels of a data leak the company announced in March that involved the personal information of 73 million current and former customers.

Here’s what to know about who was affected, what data was exposed and what to do in response to the latest AT&T data breach.

Who was affected

‍AT&T is saying on its website and in a filing with the U.S. Securities and Exchange Commission that nearly all customer accounts—approximately 109 million—were exposed. Customer data was illegally downloaded from the company's workspace onto a third-party cloud platform.

What data was exposed

The stolen data includes phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022, to October 31, 2022, and January 2, 2023. The records identify other phone numbers that AT&T wireless numbers interacted with during this time, including AT&T landline customers. 

The data doesn’t include content of calls or text messages or personal information of customers, such as Social Security numbers. The stolen data also does not include customer names, but AT&T notes that it’s possible to find names associated with phone numbers using public data sources.

What AT&T is doing

‍The company said it will be contacting current and former customers by text, email or U.S. mail if their information was impacted by the breach. It is working with government agencies and law enforcement to investigate the breach and has closed off the point of access that allowed hackers to gain access to customer records.

What AT&T customers should do

Be wary of any calls or text messages related to the breach. Scammers might attempt to take advantage of the situation and claim that they are offering to help customers protect themselves after the breach in an effort to steal their personal information. Never share any personal information if you receive an unsolicited call or text message, and don’t click on links in text messages—even if they appear to come from a trusted source.

If you receive a suspicious call or text message asking you for personal, account, or credit card details, report it to the AT&T fraud team and forward text messages to AT&T.

Learn what information was breached. Through December 2024, you can send a request to AT&T to find out the phone numbers of your calls and texts that were in the stolen data.

• AT&T wireless and home phone: Get details
• AT&T Prepaid: Submit a data request

‍

Monitor your accounts, credit and identity for unusual activity. Using a service such as Carefull makes it easy to get 24/7 monitoring and to be alerted to fraudulent activity and misuse of your personal information. Carefull also provides up to $1 million in identity theft insurance and has Care Agents who can walk you through the steps to take to recover your identity if you become a victim.

‍

Try Carefull for free for 30 days.

‍

Freeze your credit reports at each of the three credit bureaus—Equifax, Experian and TransUnion—to prevent fraudulent accounts from being opened in your name if your personal information was stolen.  It’s free and easy to place a freeze on your credit reports at all three of the credit bureaus. You can lift the freeze if you need to apply for credit.  

• Equifax security freeze
• Experian security freeze
• TransUnion credit freeze

‍

To learn more, Carefull has a step-by-step guide on What to Do After a Data Breach.