A massive data breach affecting tens of millions of AT&T cellphone customers and non-AT&T customers has been revealed by the telecom company. AT&T disclosed that call and text message records from mid-to-late 2022 were exposed in the breach, including the telephone numbers of nearly all of its cellular customers and customers of wireless providers using its network between May 1, 2022, and October 31, 2022.
The compromised data includes a record of every number AT&T customers called or texted, the number of interactions, and call duration. However, the contents of the calls and text messages were not included in the stolen data, nor were the times of the communications. The breach also impacted a small number of customers from January 2, 2023.
The Federal Communications Commission (FCC) stated, “We have an ongoing investigation into the AT&T breach and we’re coordinating with our law enforcement partners,” on social media platform X. AT&T attributed the breach to an illegal download on a third-party cloud platform, which it became aware of in April. The company emphasized that the exposed data is not believed to be publicly available.
Despite the breach, AT&T assured that personal information such as Social Security numbers, dates of birth, or customer names were not exposed. The company acknowledged that publicly available tools could potentially link names with specific phone numbers. AT&T promised to notify affected customers and provide resources to protect their information.
In response to the breach, AT&T shares fell 1% on Friday. The company stated that it has initiated an investigation into the incident, hired cybersecurity experts, and taken necessary steps to address the breach. Additionally, AT&T is cooperating with law enforcement efforts to apprehend those responsible.
