A huge breach of AT&T’s network has exposed the call and text records of nearly all of the telecom giant’s customers.
The company will notify about 110 million customers of the breach, AT&T spokeswoman Andrea Huguely told TechCrunch.
A Friday filing with the Securities and Exchange Commission said AT&T learned about the breach on April 19.
“AT&T believes that threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023,” the filing said.
The filing said the data stolen does not include the content of calls or texts.
It also said personal information such as Social Security numbers and dates of birth did not appear to have been compromised.
However, the filing said, the data includes “calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (‘MVNO’) using AT&T’s wireless network.”
“These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month,” it said.
The filing said that for some records stolen, “one or more cell site identification number(s) are also included.”
Are you an AT&T customer?
Yes: 100% (2 Votes)
No: 0% (0 Votes)
Although names are not in the stolen data, the company said “there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”
Although the breach was three months ago, AT&T said in its filing that on May 9 and June 5, the Department of Justice approved a delay in disclosure.
SEC filing indicates DOJ allowed AT&T to delay disclosure (twice), citing this national security exemption 👇 pic.twitter.com/J26y076LVc
— Zachary Cohen (@ZcohenCNN) July 12, 2024
The company said in its filing that it was working with law enforcement and believed one person had been caught in connection with the breach.
AT&T said it “does not believe that the data is publicly available” as of Friday.
In a news release on Friday, the company said that “customer data was illegally downloaded from our workspace on a third-party cloud platform.”
“We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. We have taken steps to close off the illegal access point,” the release said.
It said the breached data “does not include some typical information you see in your usage details, such as the time stamp of calls or texts.”
AT&T set up a web page devoted to this breach.
This is not the company’s first breach this year. In March, AT&T resent passcodes for 7.6 million customers after a breach affected about 70 million current and former customers, according to The New York Times.
In that breach, the company said customer data that could have included Social Security numbers and customer names was put on the dark web.