Compromised call and text records
AT&T disclosed the breach in an SEC filing and said no actual content of any of the calls or texts had been compromised.
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” the company said. “Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network.”
Despite AT&T’s reassurances, the stolen call data records (CDR) may still pose major risks to customers. Apart from threats like identity theft, social engineering, financial fraud, and phishing, compromised CDRs have been shown to be invaluable in criminal cases and national security as the data may show a connection between a victim and a perpetrator.
