AT&T has disclosed the incident to regulators and is working with law enforcement to rectify the situation.
One suspect has already been apprehended for their alleged involvement.
Basic call and text records from mid-2022 and early 2023 were exposed in this breach.
The data leak extends to allMVNOsthat utilize AT&T’s web link.
This includes Boost Infinite, Consumer Cellular, Cricket Wireless, Straight Talk, TracFone, and more.
However, AT&T itself was not the target of this attack.
I suspect that this will become a pain point for those who are affected by the incident.
The long-term impact of this breach is unclear.
While basic phone records can’t be used to commit identity theft, they could enabletargeted phishingor harassment campaigns.
As for whether the stolen phone records have been traded on the dark webwe don’t know.
For reference, this is the second data breach that AT&T has disclosed in 2024.
Theprevious data breach, which exposed customers' social security numbers, is unrelated to today’s incident.
Approximately 110 million AT&T customers will be notified of this breach.
Law enforcement has apprehended a suspect and is working to arrest others who were involved in this incident.
Source:AT&T,SEC
