AT&T notified federal regulators on Friday that a data breach had impacted almost all of its customers when a “threat actor” gained access to and copied the company’s call logs.
The breach, as per the disclosure, compromised records of customer call and text interactions that took place between roughly May 1 and October 31, 2022, as well as on January 2, 2023. This breach occurred through a third-party cloud platform between April 14 and April 25, 2024.
AT&T mentioned that they became aware of the breach on April 19 but received authorization from the Department of Justice to delay informing the public on two occasions.
In its filing, the company stated that the data included call and text records of almost all AT&T wireless customers and users of mobile virtual network operators utilizing AT&T’s wireless network. However, the data did not reveal specific call timings, but instead showed instances of user interactions over a period.
“The records identified the phone numbers that an AT&T cellular number interacted with during this time frame. It also included counts of calls/texts and total call durations on specific days or months,” a spokesperson for AT&T explained.
RELATED STORY | FCC fines cell companies for allegedly selling customers’ location information
AT&T clarified that the data did not comprise call or text content, personal details like Social Security numbers, birth dates, or other identifiable information. Nonetheless, AT&T acknowledged that there might be means, using publicly available online tools, to associate a specific phone number with a name.
“AT&T has implemented additional cybersecurity measures in response to this breach, including securing the unlawful access point. AT&T will inform its impacted current and former customers,” AT&T stated.
AT&T assured that they believe the data is not publicly accessible.
In response to queries about customer notifications, AT&T informed Scripps News, “Our primary focus, as always, is our customers. We will inform both current and former customers affected and provide them with resources to safeguard their information.”
The company mentioned its collaboration with law enforcement to apprehend those responsible, stating that one individual has been detained in connection to the breach.
This is not the first time AT&T has dealt with a significant data breach. Earlier this year, AT&T disclosed that hackers had accessed personal information, including SSNs, of around 7.6 million current customers.
