In a regulatory filing on Friday, AT&T disclosed that a hacker successfully stole the records of calls and texts for “nearly all” of its customers. The breach was uncovered during an investigation initiated after AT&T learned on April 19 that a hacker “claimed to have unlawfully accessed and copied AT&T call logs,” as detailed in a filing with the U.S. Securities and Exchange Commission (SEC).
Fox Business reports that the hacker infiltrated an AT&T workspace on a third-party cloud platform, exfiltrating files containing customer call and text interaction records from May 1 to October 31, 2022. A “very small number” of records were also compromised on January 2, 2023, according to a separate release by AT&T.
The stolen data includes records of calls and texts of nearly all AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, and AT&T’s landline customers who interacted with those cellular numbers. These records identify telephone numbers involved in interactions during the specified periods, including those of AT&T wireline customers and customers of other carriers. Additionally, the data includes counts of interactions and aggregate call durations for a day or month.
Fortunately, the breach did not compromise the content of the calls or messages. The hacker also did not access personal information such as Social Security numbers or dates of birth. However, AT&T cautioned that while the data lacks customer names, it is possible to find the name associated with a specific telephone number through certain publicly available online tools.
In response, AT&T launched an investigation and enlisted leading cybersecurity experts to determine the nature and scope of the criminal activity. The company has since closed off “the point of unlawful access.”
One individual has been arrested, and AT&T says it continues to work with law enforcement to apprehend others involved.
AT&T’s recent challenges include a March data breach that exposed 73 million current and former accounts on the dark web. Additionally, AT&T faced consecutive service issues, including a broad network outage in February that lasted approximately 10 hours, and another incident in June.