The most recent AT&T data breach occurred in March 2023, when AT&T notified 9 million customers that their data had been exposed following an attack on a third-party vendor.
Below is a full timeline of the AT&T data breaches through 2023, starting with the most recent.
March 2023: AT&T Notifies 9 Million Customers Following Attack on Vendor
In March, AT&T notified roughly 9 million customers that their data had been compromised following an attack on a third-party vendor. AT&T described the exposed data as “Customer Proprietary Network Information,” including data on customers’ wireless plans and payment amounts. According to AT&T, sensitive personal or financial information was not exposed in the attack.
August 2022: Stolen Data Discovered on 23 Million AT&T Customers
Hold Security – a cybersecurity firm – came across a trove of stolen data featuring the names, Social Security numbers, dates of birth, and more information on approximately 23 million Americans. After analyzing the information contained within the dataset, Hold Security determined the data likely relates to current or former AT&T customers.
The reason the cybersecurity firm believes the data pertains to AT&T customers is based on email domains, plus addressing, listed states aligning with AT&T internet areas, AT&T corporate addresses appearing in the dataset, and more. A significant amount of the customer information shows birth years of 2000, which suggests the data was acquired in 2018, based on the age requirement for getting an account.
AT&T didn’t confirm or deny where the data was related to customers but did state that it didn’t seem to originate from its systems. Instead, the company said it was potentially connected to a data incident at another company without elaborating further.
August 2021: Hacker Group Lists Data on Over 70 Million AT&T Customers for Sale
In August 2021, news emerged after a hacker group claimed it was selling data on over 70 million AT&T customers. RestorePrivacy found the information and attempted to determine if the sample data listed as part of the sale was authentic, and did find some matches based on public records. However, the group couldn’t confirm whether it was connected to AT&T customers specifically.
AT&T denied that the featured data is related to a new breach. The company claimed it didn’t appear to come from AT&T systems. As a result, the genuine source of the data isn’t known.
July 2020: US Department of Justice Charges AT&T Employees in Massive Phone Unlocking Scheme
Between 2012 and 2017, a number of AT&T employees at a call center in Bothell, Washington, were bribed to install malware and install unauthorized hardware as part of a phone unlock scam. Two Pakistani men – Muhammad Fahd and Ghulam Jiwani – paid more than $1 million in bribes to compromise AT&T’s internal networks and have phones unlocked in exchange for payments.
Initially, the activity focused on phone unlocks, with the scammers paying employees to unlock devices based on a list of IMEIs provided by the scammers. However, the approach later shifted and included requests to install malware that collected data on AT&T’s infrastructure, including keyloggers that recorded data relating to company computers and applications.
A second type of malware deployed through the pair used the data collected from the first piece of malware to take specific actions, including using employee credentials to unlock more phones. It’s estimated the hackers unlocked over 2 million devices.
October 2014: Customer Data Compromised After Employee Fails to Follow Privacy Policies
Reports emerged in October 2014 regarding a data breach that impacted an estimated 1,600 AT&T customers. An employee broke company policy and inappropriately accessed customer information, including Social Security and driver’s license numbers.
The impacted customers were located in Vermont, based on information provided in the reports. The employee responsible was immediately terminated once the issue was discovered, according to statements from AT&T. It isn’t clear whether the data was simply accessed in violation of company policy or if it was used for any particular purpose.
April 2014: Third-Party Vendor Uses Personal Data to Unlock Phones
In June 2014, reports emerged of an AT&T wireless data breach relating to the activities of three third-party vendor employees. The employees at the third-party vendor accessed personal data on customer accounts without authorization, giving them the ability to view details like birth dates, Social Security numbers, and more. Additionally, some limited call data was viewable to the third-party employees, such as destination numbers, times and dates of calls, and durations.
The purpose of the intrusion wasn’t necessarily to take advantage of sensitive data. Instead, the employees were requesting codes to unlock AT&T mobile devices, making them usable on other networks. AT&T believed that the third-party employees were assuming the identities of customers as a means of unlocking various phones.
AT&T didn’t disclose the exact number of customers impacted. However, based on California law disclosure requirements and related filings by AT&T, it’s possible at least 500 customers were affected by the breach.
2014: AT&T Insider Data Breach Exposes Information on 280k Customers
In 2013 and 2014, employees at AT&T call centers operating in Colombia, Mexico, and the Philippines exposed sensitive customer data to third parties. The data included the names and Social Security numbers (either full or partial) of approximately 280,000 AT&T customers.
The data wasn’t specifically collected for identity theft or similar purposes. Instead, the information was improperly accessed and sold to unlock mobile devices, likely to simplify reselling.
In April 2015, the Federal Communications Commission (FCC) fined AT&T $25 million for the breach, a record-setting amount at the time for a privacy-related issue.
June 2010: Security Flaw in AT&T’s Website and Mobile Network Exposes 114k iPad User Email Addresses
In June 2010, a hacker group claimed it had gathered email address information on 114,000 Apple iPad users associated with AT&T service. The hackers stated that they exploited a vulnerability on the company’s website and were able to collect identification numbers – the ICC-IDs – when the associated iPads communicated using the AT&T network. With that information, it’s possible to derive the connected emails.
AT&T acknowledged and claimed responsibility for the breach, though focused on minimizing the incident. The company also eliminated the feature on its website that was exploited.
June 2001: AT&T Wireless Customer Information Appears in Online Chat Rooms
As reported in June 2001, AT&T Wireless customer information began appearing in online chat rooms, indicating a potential breach. Customers noticed unauthorized charges on their credit card bills, and subsequent information connected the customers to the incident based on them previously signing up with AT&T Wireless or Verizon Wireless at some point between December 2000 and April 2001 using the companies’ online process.
During the investigation, chat room log files were discovered that contained sensitive customer information, including Social Security numbers, driver’s license numbers, and more. The exact number of impacted customers wasn’t clear, though some estimated the total to be in the hundreds at least.