AT&T Breach Exposes FBI Agents’ Call Logs, Sparks Security Concerns
DALLAS, Texas — AT&T, the U.S. telecommunications giant, disclosed a significant data breach in July involving call and text message logs from nearly all of its more than 100 million customers over a six-month period in 2022. The breach, which did not include the content of calls or texts, has raised alarms within the FBI, as agents’ communication records were also compromised, potentially exposing the identities of confidential sources.
The stolen data, which includes logs of mobile numbers used by FBI agents and other phone numbers linked to investigations, could reveal sensitive operational details. While it remains unclear how widely the data has been disseminated, the FBI has been working to mitigate potential fallout. In December, U.S. investigators arrested a suspect linked to the entity that threatened to leak the stolen data after attempting to extort AT&T.
In a statement to WIRED, the FBI emphasized its commitment to protecting confidential sources: “The FBI continually adapts our operational and security practices as physical and digital threats evolve. The FBI has a solemn responsibility to protect the identity and safety of confidential human sources, who provide information every day that keeps the American people safe, often at risk to themselves.”
AT&T spokesperson Alex Byers stated that the company collaborated closely with law enforcement to minimize the impact on government operations. “Given the increasing threat from cybercriminals and nation-state actors, we continue to increase investments in security as well as monitor and remediate our networks,” Byers said.
The breach comes amid revelations about a separate hacking campaign by China’s Salt Typhoon espionage group, which targeted several U.S. telecoms, including AT&T. That campaign exposed call and text logs for a smaller group of high-profile targets, sometimes including recordings and location data.
In response to the escalating cyber threats, the Cybersecurity and Infrastructure Security Agency has advised Americans to use end-to-end encrypted platforms like Signal for secure communication. Signal, which stores minimal metadata, would not reveal user interactions even if breached. This recommendation marks a notable shift, given the U.S. Justice Department’s historical skepticism of encryption.
Jake Williams, a former NSA hacker and vice president of research at Hunter Strategy, noted that the stolen AT&T logs should not pose a significant threat if FBI agents followed proper protocols. “Standard operating procedure should be designed to account for the possibility that call logs could be compromised,” Williams said. He suggested that the FBI’s warnings might stem from an abundance of caution or the discovery of protocol errors captured in the stolen data.
Williams also expressed broader concerns about the Salt Typhoon campaigns, which affected multiple telecoms and whose full impact remains unclear. “I worry about the FBI sources who might have been affected by this AT&T exposure, but more broadly the public still doesn’t have a full understanding of the fallout of the Salt Typhoon campaigns,” he said.
As the U.S. government continues to grapple with the implications of these breaches, the incident underscores the growing challenges of securing sensitive data in an increasingly interconnected world.