AT&T disclosed multiple major security incidents affecting tens of millions of customers. In one breach, data tied to about 51 million people was acknowledged after customer records appeared online, prompting the company to reset account passcodes for millions of users. Reporting indicated the leaked information included personal customer details, raising concerns about account takeover and fraud exposure for current and former subscribers.
AT&T later revealed a separate, far broader compromise involving call and text metadata for nearly all AT&T cellular customers. The exposed records reportedly covered who customers communicated with and when interactions occurred, though not the content of calls or messages. Together, the incidents underscored the scale of AT&T's data security problems, spanning both subscriber account information and highly sensitive telecommunications metadata.

6 events from the most recent confirmed update back to the earliest known activity.
AT&T revealed that cybercriminals stole call and text message records for nearly all of its cellular customers in a separate incident. The company said the compromised metadata covered interactions over a several-month period in 2022 and also included some records from early 2023, though message contents were not exposed.
AT&T said threat actors unlawfully accessed a workspace hosted on a third-party cloud platform between April 14 and April 25, 2024, and exfiltrated files containing customer call and text interaction records. The company learned of the threat actor's claim on April 19, activated incident response, retained external experts, and closed the access point.
AT&T publicly acknowledged that data belonging to approximately 7.6 million current customers and 65.4 million former customers had been leaked. The disclosure marked a reversal from earlier statements that there was no evidence AT&T data had been compromised.
In response to the online leak, AT&T reset account passcodes for millions of impacted customers and began notifying users whose sensitive data was exposed. The company said the newly surfaced dataset matched information that had appeared on the dark web.
A large cache of AT&T customer data was posted online, bringing renewed attention to a previously denied breach and exposing records tied to millions of current and former customers. Public reporting indicated the leaked data included sensitive personal information and account passcodes for many affected users.
AT&T later said a dataset affecting about 7.6 million current and roughly 65.4 million former account holders appears to date back to 2019 or earlier, indicating the underlying theft occurred by then. The exposed information included personal details such as names, addresses, phone numbers, dates of birth, Social Security numbers, and passcodes for many users.
4 references tracked:
edition.cnn.com
sec.gov
pandasecurity.com
techcrunch.com