AT&T Security Breach: Message to the Campus Community

On July 12, AT&T reported customer data was illegally downloaded from an AT&T workspace onto a third-party cloud platform. 

The downloaded data included counts of phone calls and text messages for nearly all of AT&T cellular customers from May 1, 2022, to October 31, 2022, as well as on January 2, 2023. Content from iMessage and WhatsApp information are not part of this breach.

These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included. Someone may be impacted if they are not an AT&T customer if an AT&T customer called them.

AT&T reports these downloaded data don’t include the content or time stamps for any calls or texts. It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

Stanford University IT’s Mobile Device Services team is maintaining communication with AT&T regarding the issue.

AT&T learned about this breach on April 19, 2024, and based on its investigation, determined threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform between April 14 and April 25, 2024.

AT&T has confirmed the affected access point has been secured, and is working with law enforcement in its efforts to arrest those involved in the incident. AT&T will provide updates on their Data Incident website, and all impacted customers will receive letters in the mail explaining the incident.