AT&T announced Friday that “nearly all” of its cellular customers’ call and text records were compromised from the massive data breach that occurred three months ago. The FCC said it is investigating the incident and that it is “coordinating with its law enforcement partners” in the effort. AT&T provides connectivity for the U.S. military along with FirstNet emergency response services nationwide.
In April, AT&T learned that customer data was illegally downloaded from its workspace on a third-party cloud platform. The company claims it launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. Since then, AT&T has said it has taken steps to close off the illegal access point and is working with law enforcement in its efforts to arrest those involved in the incident. One person, reportedly, has been apprehended.
Based on AT&T’s investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 – October 31, 2022. The compromised data also includes records from January 2, 2023, for a very small number of customers. The records identify the telephone numbers an AT&T or MVNO cellular number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions are also included.
AT&T officials say the data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. It also does not include the timestamp of calls or texts.
“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” the company said in a statement. “At this time, we do not believe that the data is publicly available.”
The carrier expressed its sincere regrets for the incident, stating they remain committed to protecting the information in their care. Customers can visit: att.com/DataIncident for more information.
Reader Interactions