Hackers may have stolen FBI call records from AT&T, potentially jeopardizing informant's safety

US telecoms giant AT&T disclosed a breach in July involving "almost all" call and text message logs of its more than 100 million customers for six months of 2022. Beyond exposing vast troves of Americans' personal communication details, the breach also put the call and text message records of FBI agents at risk. A document seen and first reported by Bloomberg shows that the bureau has been working to mitigate the potential impact of any disclosure of the identity of anonymous sources connected to its investigations.

The leaked data does not include the contents of calls and text messages, but Bloomberg reports that it does show communication logs for the agents' cell phone numbers and other phone numbers they used over a six-month period. It's unclear how widely, if at all, the stolen data was spread. Wired reported in July that AT&T paid $370,000 in an attempt to have the data deleted after hackers tried to blackmail the company. In December, U.S. investigators charged and arrested a suspect reportedly behind the entities that threatened to leak the stolen data.

"As physical and digital threats evolve, the FBI continues to adapt our operations and security practices," the FBI told Wired in a statement. "The FBI has a solemn responsibility to protect the identity and security of confidential sources, who provide information every day that keeps the American people safe but often puts them at risk themselves."

AT&T spokesman Alex Byers said in a statement that the company "worked closely with law enforcement to mitigate the impact on government operations" and applauded their "thorough investigation." "Given the growing threat from cybercriminals and nation-state actors, we will continue to increase our security investments and monitor and remediate our networks," Byers added.

The situation is emerging as revelations continue about another hacking campaign, carried out by the Chinese Salt Typhoon espionage group, that compromised a string of U.S. telecom companies, including AT&T. That incident exposed a smaller set of information, such as call and text logs and, in some cases, recordings and location data for specific high-profile targets.

As the U.S. government scrambles to respond, one recommendation from the FBI and Cybersecurity and Infrastructure Security Agency is for Americans to use end-to-end encrypted platforms such as Signal or WhatsApp to communicate. Signal in particular stores almost no metadata about its customers and, if compromised, would not reveal which accounts communicate with each other. This is sound advice from a privacy perspective, but very surprising given the DOJ's historical opposition to the use of end-to-end encryption. Still, the shift makes more sense if the FBI has been grappling with the possibility that its own informants may have been exposed as a result of a recent telecommunications breach.

However, Jake Williams, a former NSA hacker and vice president of research at Hunter Strategy, said the stolen AT&T call and text message logs should not pose a significant threat if agents strictly follow investigative communications procedures. He said standard operating procedures should be designed to account for the possibility that call records could be leaked and should require agents to communicate with sensitive sources using phone numbers that have never been contacted by them or by the U.S. government. Williams said the FBI may have alerted AT&T of the breach out of an abundance of caution, or may have discovered that the stolen data revealed agent errors and lapses in protocol. "Unless someone fails to follow procedures, this is not a counterintelligence issue," he said.

Williams added that while the Salt Typhoon intrusions are known to have affected only a relatively small group of people, they hit many telecommunications companies, and the full impact of those breaches remains unknown.

"I am concerned that FBI sources may have been affected by the AT&T incident, but more broadly, the public still does not fully understand the consequences of Salt Typhoon activity," Williams said. "The U.S. government still seems to be trying to get a handle on this."