OOn Friday, AT&T announced that data from nearly all of its more than 100 million customers had been downloaded to a third-party platform in a security breach dating back to 2022. Affected parties include AT&T cellular customers, from mobile virtual network operators using AT&T’s wireless network and other telephone numbers with which an AT&T wireless number interacted during this period, including AT&T landline customers.
An investigation by the company determined that the compromised data included files containing AT&T call and text message logs between May 1, 2022, and October 31, 2022, as well as January 2, 2023. But they confirmed that the breach did not it included the content of any calls or text messages, nor the date and time stamps. It also does not contain details such as Social Security numbers, dates of birth or other personally identifiable information.
The company shared advice customers about what the breach means for their data security and how to protect themselves.
Fortunately, AT&T doesn’t believe the data is publicly available, but it doesn’t know exactly what is being done with it.
“We confirm that the affected third-party cloud-based workspace has been secured,” AT&T spokesperson Alex Byers told TIME in an emailed statement. “We sincerely regret that this incident occurred and remain committed to protecting the information in our care.”
AT&T says it is contacting customers whose data was compromised in the data breach. Customers can also check the status of their myAT&T, FirstNet and Business AT&T accounts to see if their data has been affected through their account profile.
By December 2024, those impacted by the data breach will be able to receive the phone numbers for calls and texts compromised by the data breach. Current customers can request this data through their AT&T profile. Active AT&T Home and Cordless Phone Customers Can Get Help herewhile AT&T prepaid customers can send a data request.
Previous customers who were with AT&T during the affected period can access their breached data through a data request. If customers are unable to provide their case number, they can still send a legal subpoena to their registered agent, CT Corp, for handling and processing, according to AT&T.
AT&T’s website also recommends that customers protect themselves against phishing and scams through several means, including only opening text messages from people customers know, never responding to a text message from an unknown sender with personal details, going directly to company website and look for the “s” after the http in a website address to ensure its security.
The telecommunications giant also recommended that customers forward AT&T suspicious text activity—a free service that doesn’t count toward any text plan—and report fraud to AT&T fraud team.
This story originally appeared on Time.com read the full story
