AT&T informed federal regulators on Friday that a data breach affected nearly all of its customers after a "threat actor" accessed and copied the company's call logs.
According to the filing, records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023, were breached using a third-party cloud platform between April 14 and April 25, 2024.
AT&T said it learned of the incident on April 19 but got approval from the Department of Justice to delay notifying the public on two occasions.
Information compromised: Is that data breach notification letter legitimate?
The data included records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators using AT&T’s wireless network, the company said in its filing. The data did not reveal when exactly the phone calls were made, instead, it would show the number of instances users interacted with each other over a period of time.
"These records identify the telephone numbers an AT&T cellular number interacted with during this period. It also included counts of those calls/texts and total call durations for specific days or months," an AT&T spokesperson said.
RELATED STORY | FCC fines cell companies for allegedly selling customers' location information
AT&T said data does not include the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. AT&T noted, however, that there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.
"AT&T has taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access. AT&T will provide notice to its current and former impacted customers," AT&T said.
AT&T said it does not believe that the data is publicly available.
When asked when a notice to customers might come, AT&T told Scripps News, "Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information."
The company said that it is working with law enforcement in its efforts to arrest those involved, adding that one person has been apprehended in connection to the breach.
This is not the first time AT&T has responded to a massive data breach. Earlier this year, AT&T revealed that hackers were able to access personal information, including social security numbers, of nearly 7.6 million current customers.
@scrippsnews 📱 Millions of customers have been affected by a recent data breach at AT&T. If you were impacted, here’s what you can do to protect yourself with the information we currently know. #DataBreach #cybersecurity #news ♬ original sound - Scripps News