Latest AT&T Data Breach Hits 'Nearly All' Cellular Customers: What to Know
The new breach is just one of a series of cybersecurity attacks and privacy-related PR disasters AT&T has dealt with in the past few months.
AT&T revealed on Friday that call and text records for "nearly all" of its cellular customers were stolen by cybercriminals during a breach that took place in the middle of 2022 and in early 2023.
The Dallas-based telecom giant disclosed details of the breach in a press release and in an SEC filing Friday morning. In the filing, AT&T says it learned of the breach, in which call logs were accessed and copied, on April 19, 2024.
In the filing, AT&T said, "The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T's wireless customers and customers of mobile virtual network operators ('MVNO') using AT&T's wireless network."
The breach is just one of a series of cybersecurity attacks and privacy-related PR disasters AT&T has dealt with in the past few months. In March, the company acknowledged a vendor breach that took place in January and affected 9 million people. Later that month, AT&T said it launched an investigation into a data leak affecting 73 million people related to data from 2019 or earlier. And in late April, AT&T was one of several telecom companies fined by the Federal Communications Commission for selling customer location data.
But this latest breach is notable in that it affects the vast majority of its wireless customers. The company said it plans to notify 110 million of them about what happened and has set up a webpage with information. AT&T told the site TechCrunch that the theft was related to data thefts targeting customers of the cloud data company Snowflake.
In an email to CNET, an AT&T spokesperson reiterated that the stolen data was "aggregated metadata" and did not include the content of calls or texts, or other personal information such as credit card or Social Security numbers.
"The incident took place outside of our network," the spokesperson said, adding that the company doesn't believe the data is publicly available.
In the SEC filing, the company said it's working with law enforcement on the investigation and that at least one person has been arrested so far in connection with the data theft. A spokesperson told TechCrunch that the investigation involves the FBI and the Department of Justice.
The FCC said Friday in a post on X that it is investigating the AT&T breach.