Here's how to find out if your data was stolen in AT&T's massive hack

If you're one of AT&T's cellular customers, you can check your account to see if your data was compromised as part of the massive breach the telecom giant announced on Friday. 

If you were an AT&T customer between May 1, 2022 and Oct. 31, 2022, it's likely your data was involved, given that the company said "nearly all" its cellular customers' records were gathered by hackers during that time. The breach also includes records from Jan. 2, 2023 for a "very small number of customers," AT&T said.

But customers can check if their data was compromised by logging into their accounts, according to AT&T.

"When customers log in, they can see if their data was affected. They can also request a report that provides a more user-friendly version of technical information that was compromised," an AT&T spokesperson told CBS MoneyWatch.

The company also said it will alert customers who were impacted via text, email or U.S. mail.

The company isn't providing identity theft protection to customers at this time, the company spokesperson told CBS MoneyWatch. AT&T said customers can visit att.com/DataIncident for more information. 

The compromised data involves records of calls and texts for AT&T customers, but doesn't include the content of the calls or texts, or personal information such as Social Security numbers, birth dates or other personally identifiable information. 

Why did AT&T wait to alert customers?

Under U.S. securities regulations, companies must disclose data breaches within 30 days of learning about the security problem. AT&T said that it learned about the hack in April, but delayed informing customers because it was working with agencies such as the Department of Justice and the FBI, which determined that disclosing the breach could cause security risks.

"The breach is considered a national security concern because these call logs reveal social and/or professional networks of people," said Patrick Schaumont, professor in the Department of Electrical & Computer Engineering at Worcester Polytechnic Institute, in an email.

He added, "If person A has a role relevant to national security, then person A's social network is a liability. So, person A's call log must be kept secret. That's why the Department of Justice prevented AT&T from disclosing the breach until now."

AT&T hasn't revealed the identity of the hacker or hackers responsible, but noted that one person has been apprehended in connection with the breach.
