In a significant cybersecurity incident, telecommunications giant AT&T announced on Friday that a cyberattack exposed data from “nearly all” of its customers. The compromised data was downloaded to a third-party cloud platform, marking a severe breach for the company.
“We have taken steps to close off the illegal access point,” AT&T said in a statement.
The company confirmed it is working with law enforcement to arrest those involved, and at least one person has already been apprehended.
The compromised data includes AT&T records of calls and texts from cellular, wireless networks, and landline customers between May 2022 and October 2022.
Additionally, records from January 2, 2023, for a small number of customers were also affected. The records identify the telephone numbers interacted with during those periods but do not contain the content of calls, texts, or personal information such as Social Security numbers.
“At this time, we do not believe that the data is publicly available,” AT&T assured.
Despite the exclusion of sensitive personal information, the compromised data still poses risks. While customer names are not included, it is often possible to link a name to a phone number using online searches.
This breach adds to a series of cybersecurity challenges AT&T has faced. In March, the company reset the passcodes of 7.6 million customers following a breach affecting approximately 70 million past and present customers. That incident included the release of Social Security numbers and full names on the dark web.
Beyond telecommunications, recent cyberattacks have affected various sectors, including healthcare and entertainment. These attacks have led to data theft and disrupted services, prompting some providers to pay ransoms.
AT&T has launched an investigation into the latest breach and engaged cybersecurity experts to understand the scope and nature of the criminal activity. The company emphasized that the compromised data does not include content from calls or texts, personal information, or usage details like timestamps.
The data breach affected AT&T’s cellular customers, customers of mobile virtual network operators using AT&T’s network, and landline customers who interacted with those cellular numbers. The compromised data also includes records identifying cell site identification numbers associated with the interactions for a subset of records.
Despite the breach, AT&T stated that it does not currently believe the data is publicly available. The company continues cooperating with law enforcement, which has already apprehended at least one individual involved.
The year has been marked by several significant data breaches, including another attack on AT&T earlier this year. In March, a dataset found on the dark web contained Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.
AT&T said it had reset the passcodes of current users and was communicating with account holders whose sensitive personal information was compromised.
The breach is part of a broader trend of cyberattacks affecting various industries. Recent incidents include disruptions at North American car dealerships following attacks on software provider CDK Global and a hacking attempt at the Alabama State Department of Education that resulted in a data breach.