Here’s How to Tell if Your Data Was Stolen in the Massive AT&T Hack

Here’s How to Tell if Your Data Was Stolen in the Massive AT&T Hack

If you are one of AT&T’s cellular customers, you can check your account to see if your data has been compromised as part of the massive violation The telecommunications giant announced this on Friday.

If you were an AT&T customer between May 1, 2022 and October 31, 2022, it’s likely your data was affected, given that the company said “nearly all” of its mobile customer records were collected by hackers during that time. The breach also includes records from January 2, 2023 for a “very small number of customers,” AT&T said.

But customers can check if their data has been compromised by logging into their accounts, AT&T said.

“When customers log in, they can see if their data has been affected. They can also request a report that provides a more user-friendly version of the technical information that was compromised,” an AT&T spokesperson told CBS MoneyWatch.

The company also said it would alert affected customers via text message, email or postal mail.

AT&T does not provide identity theft protection to its customers at this time, a company spokesperson told CBS MoneyWatch. AT&T said customers can visit att.com/DataIncident for more information.

The compromised data includes AT&T customers’ call and text message records, but does not include the content of the calls or text messages, or personal information such as Social Security numbers, dates of birth or other personally identifiable information.

Why did AT&T wait to alert its customers?

In the United States, companies must disclose data breaches within 30 days of discovering the security issue. AT&T said it was notified of the hack in April but delayed notifying customers because it was working with agencies including the Justice Department and the FBI, which determined that disclosing the breach could pose security risks.

“The breach is considered a national security issue because these call logs reveal individuals’ social and/or professional networks,” Patrick Schaumont, a professor in the department of electrical and computer engineering at Worcester Polytechnic Institute, said in an email.

He added: “If Person A has a national security role, then Person A’s social network is a liability. Therefore, Person A’s call log must be kept secret. That’s why the Justice Department has blocked AT&T from disclosing the breach until now.”

AT&T did not disclose the identity of the hacker(s) responsible, but noted that one person has been apprehended in connection with the breach.