AT&T Says Data From Around 109M Customer Accounts Illegally Downloaded
AT&T said Friday the company suffered a massive hacking incident as data from about 109 million customer accounts containing records of calls and texts from 2022 was illegally downloaded in April.
AT&T’s breach is the latest big hack to hit a wide swath of Americans, coming on the heels of a ransomware attack on UnitedHealth Group’s Change Healthcare unit in February that hit an estimated one-third of the country whose private data may have been exposed.
AT&T said the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular and AT&T’s landline customers interacting with those cellular numbers between May 2022 and October 2022 but does not contain the content of calls or texts or personal information such as social security numbers.
The FBI said it worked with AT&T and the Justice Department “collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”
The FBI and Federal Communications Commission did not immediately comment.
The compromised data also includes records from Jan. 2, 2023, for a very small number of customers.
AT&T said it first learned on April 19 that a hacker had claimed to have unlawfully accessed and copied AT&T call logs. The company said its investigation found hackers had between April 14 and April 25 unlawfully exfiltrated files containing AT&T records of customer call and text interactions. The records also include AT&T customers of mobile virtual network operators using AT&T’s wireless network.
These records identify telephone numbers with which a wireless number interacted during these periods and aggregate call duration. A subset of records includes one or more cell site identification number.
AT&T said it has taken additional cybersecurity measures including closing off the point of unlawful access. It said it would notify customers of the incident and set up a website where they could determine if their data had been compromised.
AT&T is working with law enforcement and said it had delayed public notification based on a determination by the Justice Department. AT&T added it does not believe that the data is publicly available.
The company added the incident has not had a material impact on AT&T’s operations.
Related: AT&T Notifies Users of Data Breach, Resets Millions of Passcodes