AT&T has disclosed a data breach involving nearly all call and text records from its wireless network covering a period of several months in mid-2022. This includes both AT&T customers and customers of other carriers that use the AT&T network. The records only include phone numbers (from both ends), the number of times contacted, and call duration. The records do not include customer names nor any other personal info. They also do not include the content of texts or calls, nor do they include timestamps. For a subset of the breached data, cell tower IDs are also included, providing rough location data. AT&T does not believe the data is publicly available. Wired reports that a security researcher involved in the incident claims AT&T paid the hacker $370,000 for the only copy to be deleted. AT&T first discovered the breach in April, but was asked by the US Department of Justice to delay disclosure. At least one person has been arrested relating to the incident. 404 Media reports that the hacker arrested is John Binns, an American living in Turkey. Binns claimed responsibility for a large hack of T-Mobile in 2021. AT&T will notify affected customers directly.


More...