91³Ô¹ÏÍø

Watch CBS News
MoneyWatch

Here's how to find out if your data was stolen in AT&T's massive hack

By
Aimee Picchi
Associate Managing Editor, MoneyWatch
Aimee Picchi is the associate managing editor for CBS MoneyWatch, where she covers business and personal finance. She previously worked at Bloomberg News and has written for national news outlets including USA Today and Consumer Reports.
Read Full Bio
Aimee Picchi

/ CBS News

If you're one of AT&T's cellular customers, you can check your account to see if your data was compromised as part of the massive breach the telecom giant announced on Friday. 

If you were an AT&T customer between May 1, 2022 to Oct. 31, 2022, it's likely your data was involved, given that the company said "nearly all" its cellular customers' records were gathered by hackers during that time. The breach also includes records from Jan. 2, 2023 for a "very small number of customers," AT&T said.

But customers can check if their data was compromised by logging into their accounts, according to AT&T.

"When customers log in, they can see if their data was affected. They can also request a report that provides a more user-friendly version of technical information that was compromised," an AT&T spokesperson told CBS MoneyWatch.

The company also said it will alert customers who were impacted via text, email or U.S. mail.

The company isn't providing identity theft protection to customers at this time, the company spokesperson told CBS MoneyWatch. AT&T said customers can visit  for more information. 

The compromised data involves records of calls and texts for AT&T customers, but doesn't include the content of the calls or texts, or personal information such as Social Security numbers, birth dates or other personally identifiable information. 

Why did AT&T wait to alert customers?

Under U.S. securities regulations, companies must disclose data breaches within 30 days of learning about the security problem. AT&T said that it learned about the hack in April, but delayed informing customers because it was working with agencies such as the Department of Justice and the FBI, which determined that disclosing the breach could cause security risks.

"The breach is considered a national security concern because these call logs reveal social and/or professional networks of people," said Patrick Schaumont, professor in the Department of Electrical & Computer Engineering at Worcester Polytechnic Institute, in an email.

He added, "If person A has a role relevant to national security, then person A's social network is a liability. So, person A's call log must be kept secret. That's why the Department of Justice prevented AT&T from disclosing the breach until now."

AT&T hasn't revealed the identity of the hacker or hackers responsible, but noted that one person has been apprehended in connection with the breach.

Edited by Anne Marie D. Lee

In:

© 2024 91³Ô¹ÏÍø. All Rights Reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue
const link = doc.createElement('link'); link.rel = 'stylesheet'; link.href = '/fly/fly/bundles/cbsnewscontent/css/cmp-banner.min.css?v=50747257b890e014813016b79ece0fb2'; doc.head.appendChild(link); doc.body.innerHTML = CONSENT_MESSAGE; } else { el.insertAdjacentHTML('afterend', CONSENT_MESSAGE); } }); } function hidePrivacyMessage() { // Remove from the main document document.querySelectorAll(`.${CONSENT_MESSAGE_CLASS}`).forEach(el => el.remove()); // Remove from inside any iframes document.querySelectorAll('iframe').forEach(iframe => { const doc = iframe.contentDocument || iframe.contentWindow.document; doc.querySelectorAll(`.${CONSENT_MESSAGE_CLASS}`).forEach(el => el.remove()); }); } function activateGatedScripts() { // Handle both new format (cmp-gated-script) and old OneTrust/Ketch format (optanon-category-4) const gatedScripts = Array.from(document.querySelectorAll('script.cmp-gated-script, script.optanon-category-4')); // Activate scripts sequentially with a small delay to avoid timing issues let delay = 0; gatedScripts.forEach(function(placeholder, index) { setTimeout(function() { // Skip if already processed if (placeholder.hasAttribute('data-cmp-processed')) { return; } placeholder.setAttribute('data-cmp-processed', 'true'); const newScript = document.createElement('script'); newScript.type = 'text/javascript'; // Try new format first (data-cmp-src), then fall back to old format (data-src) const src = placeholder.getAttribute('data-cmp-src') || placeholder.getAttribute('data-src'); if (src) { newScript.src = src; } else if (placeholder.textContent) { // Inline script - just copy the content newScript.textContent = placeholder.textContent; } // Handle new format attributes (data-cmp-attrs) - for both inline and external scripts const attrs = placeholder.getAttribute('data-cmp-attrs'); if (attrs) { const tempDiv = document.createElement('div'); tempDiv.innerHTML = '
<\/div>'; const tempAttrs = tempDiv.firstChild.attributes; for (let i = 0; i < tempAttrs.length; i++) { // For external scripts, allow defer/async. For inline scripts, skip them (not valid) if (src || (tempAttrs[i].name !== 'async' && tempAttrs[i].name !== 'defer')) { newScript.setAttribute(tempAttrs[i].name, tempAttrs[i].value); } } } // Copy other attributes from old OneTrust format for (let i = 0; i < placeholder.attributes.length; i++) { const attr = placeholder.attributes[i]; // Skip attributes we've already handled or don't want to copy if (!['class', 'data-src', 'data-type', 'data-cmp-src', 'data-cmp-attrs', 'data-cmp-processed', 'type', 'async', 'defer', 'src'].includes(attr.name)) { newScript.setAttribute(attr.name, attr.value); } } placeholder.parentNode.replaceChild(newScript, placeholder); // If external script, manually trigger window.onload handlers after it loads // This handles widgets that use window.onload for initialization if (src) { newScript.addEventListener('load', function() { // If page already loaded and script set a new onload handler, trigger it if (document.readyState === 'complete' && window.onload) { const originalOnload = window.onload; window.onload = null; // Clear temporarily to prevent loops originalOnload(); // Execute the handler } }); } }, delay); delay += 500; // 500ms delay between each script to allow full loading }); } cbsoptanon.onScriptsReady(function(cmp) { cmp.ot.targetingAllowed(function(allowed) { if (!allowed) { showPrivacyMessage(); } else { activateGatedScripts(); } }); cmp.ot.awaitInitialConsent(function(consent_model) { cmp.ot.addOnConsentChangedHandler(function() { cmp.ot.targetingAllowed(function(allowed) { if (allowed) { hidePrivacyMessage(); activateGatedScripts(); } else { showPrivacyMessage(); } }); }); }); });