The data of nearly all customers of the telecommunications giant AT&T was downloaded to a third-party platform in a security breach, the company said Friday, as cyberattacks against businesses, schools, and health systems continue to spread globally.
The breach, most of which took place over five months in 2022, hit AT&T’s cellular customers, customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers who interacted with those cellular numbers.
About 109 million customer accounts were affected, according to AT&T, which said that it doesn’t believe the data is publicly available.
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” AT&T said Friday.
People are also reading…
The compromised data also doesn’t include some information typically seen in usage details, such as the time stamp of calls or texts, the company said, or customer names. However, AT&T said there are often ways using publicly available online tools to find the name associated with a specific telephone number.
Cybersecurity experts concurred, saying that such data can be used to trace users.
“While the information that was exposed doesn’t directly have sensitive information, it can be used to piece… risk for more attacks and that the U.S. government is doing too little to prevent breaches.
Shares of AT&T Inc., based in Dallas, fell slightly on Friday.