AT&T informed federal regulators on Friday that a data breach impacted nearly all of its customers after a “threat actor” gained access to and copied the company’s call logs.
According to the report, records of customer call and text interactions that took place between approximately May 1 and October 31, 2022, as well as on January 2, 2023, were compromised through a third-party cloud platform between April 14 and April 25, 2024.
AT&T disclosed that it became aware of the breach on April 19, but had received permission from the Department of Justice to delay notifying the public on two separate occasions.
The breached data included records of calls and texts from almost all of AT&T’s wireless customers and customers of mobile virtual network operators utilizing AT&T’s wireless network. The information did not reveal the exact timing of the phone calls, but rather showed the number of interactions between users over a period.
“These records indicate the phone numbers an AT&T cellular number interacted with during this time. They also included counts of those calls/texts and total call durations for specific days or months,” an AT&T spokesperson stated.
RELATED STORY | FCC fines cell companies for allegedly selling customers’ location information
AT&T clarified that the data breach did not compromise the content of calls or texts, nor did it expose personal information such as Social Security numbers or dates of birth. However, AT&T noted that it is possible to find the name associated with a specific telephone number using publicly available online tools.
“AT&T has implemented additional cybersecurity measures in response to this incident, including blocking the unauthorized access point. AT&T will notify its current and former affected customers,” AT&T mentioned.
AT&T stated that it does not believe the breached data is publicly accessible.
When inquired about the timing of notifying customers, AT&T told Scripps News, “Our main focus, as always, is our customers. We will inform current and former customers whose information was compromised and provide resources to safeguard their information.”
The company mentioned that it is collaborating with law enforcement to apprehend those responsible, noting that one individual has been arrested in connection to the breach.
This is not the first time AT&T has dealt with a significant data breach. Earlier this year, AT&T disclosed that hackers were able to access personal information, including social security numbers, of nearly 7.6 million current customers.
