AT&T reports that data from approximately 109 million U.S. customer accounts was illegally accessed and downloaded.
AT&T announced on Friday that it had experienced a significant security breach, resulting in the unauthorized access and download of customer account data. The compromised information includes call and text records from 2022 for approximately 109 million customers. The company is actively investigating the incident and taking steps to safeguard customer data.
The Federal Bureau of Investigation (FBI) is conducting an
investigation into an incident involving the unauthorized copying of AT&T
call logs from a third-party cloud platform. At least one individual has been
apprehended in connection with this significant breach of consumer
communication records.
AT&T has disclosed that a data breach has occurred,
affecting records of calls and texts for a substantial portion of its cellular
and landline customers. The compromised data spans from May 2022 to October
2022. It’s crucial to note that the content of calls, texts, and personal
information, such as social security numbers, remain secure.
AT&T stock experienced a decline of 2% in pre-market
trading activities.
The Federal Bureau of Investigation (FBI) and the Federal
Communications Commission (FCC) have not yet provided an official statement
regarding the matter.
Additionally, a limited number of customer records from
January 2, 2023, were also affected by the data breach.
On April 19th, AT&T became aware of a claim
made by a hacker regarding the unauthorized access and copying of AT&T call
logs. Our subsequent investigation revealed that between April 14th
and April 25th, unauthorized individuals infiltrated our systems and
exfiltrated files containing customer call and text interaction records. These
records also include AT&T customers of mobile virtual network operators
utilizing AT&T’s wireless network.
These logs identify telephone numbers that a wireless number
communicated with during these timeframes and provide a summary of the total
call duration. A select number of records also include one or more cell site
identification numbers.
AT&T has implemented additional cybersecurity measures,
including the closure of the unauthorized access point. Customers will be
notified of the incident and a dedicated website will be established to assist
them in determining if their data has been compromised.
AT&T is cooperating with law enforcement and has
postponed public notification in accordance with the Justice Department’s
decision. AT&T does not believe that the data has been made publicly
available.
The organization shared that the event has not had a
significant effect on AT&T’s operations.