Hackers stole six months’ worth of call and text message records of nearly every AT&T cellular network customer, the company said Friday.
The company said in an SEC filing that it learned from an internal investigation that in April, hackers “unlawfully accessed and copied AT&T call logs” that were saved on a third-party cloud platform.
The data contains records of calls and texts between approximately May 1 and Oct. 31, 2022, and on Jan. 2, 2023.
The content of the calls and messages was not compromised and customers’ personal information was not accessed — but the records did include phone numbers. The sheer size of the hack underlines the scale of the cybersecurity challenge facing big business.
AT&T’s wireless network has 127 million devices connected to it, according to the company’s 2023 annual report.
“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” the company said in its SEC filing.
AT&T said it has “taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access.” Customers affected by the hack will be contacted, it said.
The company said the U.S. Justice Department ruled that it should publicly announce details of the hack — on May 8 and June 5 — but only after an unspecified delay.
AT&T added that it is assisting law enforcement officers in efforts to arrest the hackers.
“Based on information available to AT&T, it understands that at least one person has been apprehended,” the company said, without providing further details.
The company sought to assure customers that, at least as of Friday, “AT&T does not believe that the data is publicly available.”
The filing also said the hack would not impact its operations or negatively affect its financial results.
This is a developing story. Please check back for updates.
Read the full article here