AT&T said Friday that hackers had accessed call and text interactions of nearly all of its customers last spring in a massive hack of the telecom giant.
The company said in an SEC filing it learned in April “that a threat actor claimed to have unlawfully accessed and copied AT&T call logs.” The company immediately activated its incident response process to investigate and retained external cybersecurity experts to assist. Based on its investigation, it believes that “threat actors” unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31 of 2022, as well as on January 2, 2023.
The data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (MVNO) using AT&T’s wireless network. These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month.
It does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information, AT&T said. Nor does it include customer names, but, AT&T noted, “there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”
The telco said it had closed off the point of hacker access. It will provide notice to its current and former impacted customers.
It said the Department of Justice had determined in May and June
That the company could delay providing public disclosure until now.
AT&T is working with law enforcement in its efforts to arrest those involved in the incident. “Based on information available to AT&T, it understands that at least one person has been apprehended.
As of the date of this filing, AT&T does not believe that the data is publicly available.