In an announcement on Friday, July 12, AT&T said that they had discovered a data breach in April involving an unauthorized download of data from a third-party cloud platform that affects nearly all of its customers.
The telecommunications company said in a statement they had since launched an investigation and enlisted the help of cybersecurity experts to assess the breach’s scope and nature.
The company added they had confirmed the data access point used to obtain the information had been secured and AT&T is working with law enforcement, resulting in at least one arrest.
“Protecting your data is one of our top priorities,” the company said in a separate post on a website set up to answer questions customers may have about the leak. “We hold ourselves to a high standard and commit to delivering the experience that you deserve. We constantly evaluate and enhance our security to address changing cybersecurity threats and work to create a secure environment for you. We invest in our network’s security using a broad array of resources including people, capital, and innovative technology advancements.”
The breach compromised records of calls and texts for nearly all AT&T cellular customers, as well as customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, and AT&T landline customers who interacted with those cellular numbers, the company said.
The affected period spans from May 1, 2022, to October 31, 2022, with additional records from January 2, 2023, for a small number of customers also being leaked. The compromised data includes telephone numbers involved in interactions and, for some records, cell site identification numbers.
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” the company’s statement noted. “It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”
The company added that it does not believe the compromised data is publicly available. AT&T plans to notify affected current and former customers and provide resources to help protect their information.
“Our top priority, as always, is our customers,” the company added. “We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care.”
The FBI in an email to The Epoch Times said that shortly after identifying a potential breach to customer data, AT&T contacted the agency to report the incident.
“In assessing the nature of the breach, all parties discussed a potential delay to public reporting ... due to potential risks to national security and/or public safety,” the FBI said.
“AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”
The agency did not comment on The Epoch Times’ question regarding AT&T’s claim that one individual had been apprehended over the data breach.
Previous Breach
In late March, AT&T disclosed another significant data breach involving the leak of information from approximately 73 million current and former account holders.The data, which appeared on the dark web around mid-March, includes details from 7.6 million current and 65.4 million former customers, likely from 2019 or earlier.
Compromised information varied but may include passcodes, full names, email addresses, home addresses, phone numbers, dates of birth, and Social Security numbers.
AT&T said at the time they had reset passcodes for the affected current account holders and were offering identity theft and credit monitoring services to those whose sensitive personal information was compromised.
The company is working with external cybersecurity experts to investigate the breach and has found no evidence of unauthorized access to its systems. AT&T also stated that the compromised data does not include personal financial information or call history.
The origin of the leaked data remains uncertain, and it is unclear whether it is related to a 2021 claim by the hacker group ShinyHunters, who previously alleged they had obtained data impacting 71 million AT&T customers. Despite the breach, AT&T reported no material impact on its operations.
