AT&T on Friday press release The company said “almost all” of its customers’ call and text message records were stolen in a massive data breach.
The telecommunications company said the sensitive information was “illegally downloaded from our workspace on a third-party cloud platform.” It said it had engaged “leading cybersecurity experts to understand the nature and scope of the criminal activity” and had begun an investigation into the incident.
“This is very sensitive, personal information.”
AT&T said it believes police have already arrested at least one person involved in the intrusion, but that it continues to work with authorities to catch all those responsible and “shut down illegal access points.”
The company’s investigation so far has found that hackers stole call and text records from “almost all AT&T mobile customers, customers of mobile virtual network operators (MVNOs) that use AT&T’s wireless network, and AT&T landline customers who communicated with these mobile numbers between May 1, 2022 and October 31, 2022.”
“The compromised data also includes a small number of customer records from January 2, 2023. The records identify telephone numbers with which AT&T or MVNO mobile numbers interacted during this time period. A subset of the records also contains one or more cell site identification numbers associated with the interactions,” AT&T announced in a press release.
The company noted that the stolen data did not include the contents of customer calls or text messages. The hackers did not obtain any personally identifiable information, such as Social Security numbers or dates of birth. Additionally, the company noted that the data leak does not include usage details, such as timestamps for calls or text messages.
“While the data does not include customer names, there are common ways to find names associated with specific phone numbers using publicly available online tools,” AT&T added. “At this time, we do not believe the data has been made public.”
According to the Securities and Exchange Commission in May FilingThe company said it learned of the data breach on April 19, 2024, and that “threat actors allegedly unlawfully accessed and copied AT&T call records.”
According to the SEC filing, the Department of Justice had previously advised AT&T to “delay” informing the public about the discovery. Form 8-K.
NBC News The Department of Justice and the FBI are reportedly working with AT&T to investigate the incident, and the Federal Communications Commission has launched its own investigation.
“If you have someone’s metadata, you know when they go to work, where they go, where they sleep every night,” Thomas Rid, a professor of strategic studies at Johns Hopkins University and director of the school’s Alperovich Cybersecurity Institute, told the media.
“This is highly sensitive personal information, and the sheer scale of information likely contained in this AT&T leak represents a massive, NSA-like window into what Americans are doing,” John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, said in a statement to NBC News.
Like Blaze News? Bypass the censorship and sign up for our newsletter to receive stories like this directly to your inbox. Register here!
