The short answer is... pretty bad. According to AT&T, the phone records of virtually every customer who uses their wireless service were accessed by hackers. The not-quite-so-bad news involves the specific types of data that were accessed. According to the company, the hackers were not able to obtain the content of phone calls or texts. Also, no personally identifiable information was obtained, such as names, Social Security numbers, birthdays, or contact lists. The hackers were actually only able to grab users' phone numbers, the numbers that they called during the period in question, and the length of the calls. I suppose that might be useful to a hacker in some fashion, but it clearly could have been worse. (ABC News)
AT&T has announced that the company believes a hacker stole records of calls and texts from nearly all of AT&T's wireless customers, according to a financial filing from the company.
"The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information," AT&T said in their statement released early Friday morning. "These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month."
The company claims that they have put "additional cybersecurity measures" in place to prevent this from happening again. That included closing down the portal that the hackers used to break into the system. Notifications are being sent to all affected users, which sounds like that would include virtually everyone who uses AT&T. (The company currently has more than 220 million wireless subscribers.)
Details haven't been released yet, but it is believed that the FBI has already made one arrest in connection to the hacking attack and has identified additional suspects. The company says that it "doesn't believe" the customer data will show up anywhere else on the internet. That might be true, but you never can tell what's going to show up on the dark web. Even if they didn't manage to access any credit card information, knowing all of the numbers that you call or text with and how often you do so could help to identify you and map out your online relationships.
This hack wasn't anywhere near the largest on record. That would be the Cam4 data breach in March 2020 in which more than ten billion records were compromised. (That's more than seven terabytes of data.) In 2013, Yahoo had three billion records stolen. The total number of people who eventually had money pilfered from their accounts or were subjected to blackmail attacks will likely never be known.
This is all a disturbing reminder of the risks we take when we venture online. Major data-handling companies invest tremendous resources into data security and anti-hacking safeguards, but the hackers always seem to wind up being several steps ahead of them. Sadly, the internet is so firmly embedded into modern society at this point that it seems almost impossible to avoid. And with Artificial Intelligence on the rise, it's probably only going to get worse. This hack of AT&T will probably wind up looking like small potatoes in the long run.
Join the conversation as a VIP Member