AT&T data breach: How to find out if you were affected by the massive hack
AT&T paid hackers around $370,000 in Bitcoin to delete customer data that was stolen from the company earlier in 2024. The hack was part of a larger hacking spree against Snowflake, a provider of cloud data storage, that compromised over 160 companies including Ticketmaster, Advance Auto Parts, LendingTree/QuoteWizard, Santander Bank, Pure Storage, Los Angeles Unified School District (LAUSD), and Neiman Marcus. AT&T negotiated the ransom through a security researcher intermediary called "Reddington," who acted on behalf of the ShinyHunters hacking group. Reddington believes the only complete records of the stolen AT&T data were deleted, but excerpts may still exist elsewhere. Reddington also negotiated ransoms for other companies that were attacked.
On July 12, AT&T released the following public statement on unauthorized access of customer data from Snowflake, a third-party cloud platform. AT&T also provided recommendations and resources for affected customers.
AT&T: Unlawful access of customer data
What happened?
According to AT&T, the customer data was illegally downloaded from Snowflake, a third-party cloud platform. The company reportedly learned of the hack in April.
What information was included:
The hack was massive, involving 109 million customers. The data includes records of phone calls and text messages of nearly all AT&T customers from May 1, 2022 to Oct. 31, 2022, as well as some data from Jan. 2, 2023. It also includes other phone numbers that AT&T wireless customers interacted with during this timeframe, including landlines.
What information wasn’t included:
The compromised data doesn’t include the content of the calls or texts, or times of these calls and texts. It also doesn’t include details such as Social Security numbers, birth dates, or other personally identifiable information.
And while customer names weren’t included, there are ways to find out names associated with phone numbers using online tools, AT&T reported.
What AT&T said
“At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended,” the company said in a statement.
Reuters reported the FBI is investigating the incident and at least one arrest has been made.
How to check if your data was included
If your account was included in this cyberattack, AT&T stated they would contact you by text, email, or U.S. mail.
You can also check whether your data was compromised, including which texts and phone numbers were included in the download, by logging on to your account.
What about identity theft protection?
A company spokesperson told CBS MoneyWatch the company isn’t providing identity theft protection at this time.
How to protect yourself
AT&T has provided these tips for good cyber protection:
- Only open text messages from people that you know and trust. Do not reply to suspicious texts.
- Don’t reply to a text from an unknown sender with personal details.
- Go directly to a company’s website. Don’t use links included in a text message. Scammers can build fake websites using forged company logos, signatures, and styles.
- Make sure a website is secure by looking for the “s” after the http in the address. You can also look for a lock icon at the bottom of a webpage.
Here’s what AT&T didn’t say:
AT&T reportedly paid approximately $370,000 in Bitcoin to hackers to delete compromised customer data. This incident was part of a broader hacking campaign in 2024 that affected over 160 companies through compromised Snowflake employee credentials.
CISA encourages customers to review the following AT&T article for additional information and follow necessary guidance to help protect personal information.