On Friday, July 12, AT&T disclosed that the call and text message records from mid-to-late 2022 of millions of AT&T cellphone customers were exposed in a massive data breach.
AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that used its network between May 1, 2022 and October 31, 2022. At the end of 2022, AT&T listed approximately 110 million wireless subscribers.
AT&T stated that the stolen logs contain records of every number customers called or texted, including those of other wireless networks, the length of the calls, and the number of times calls were made. The breach also included AT&T landline customers who interacted with those cell numbers. The compromised data did not include the contents of those calls or the times they were made.
AT&T believes that an “illegal download” on a third-party cloud platform was the source of the breach.
AT&T learned about the breach in April while the company was in the middle of dealing with another unrelated data leak that compromised the personal information of 73 million current and former customers.
The company said that contents of the calls or texts, personal information such as Social Security numbers, dates of birth, or customer names were not exposed in this latest incident and that the exposed data is not believed to be publicly available.
AT&T said it learned on April 19 that a “threat actor claimed to have unlawfully accessed and copied call logs.” The company said it immediately hired experts and a subsequent investigation determined hackers had exfiltrated files between April 14 and April 25.
The company said it launched an investigation, hired cybersecurity experts and took steps to close the “illegal access point.”
The company also contacted the U.S. Department of Justice and the DOJ determined that a delay in public disclosure was warranted to allow it to review the data for potential national security or public safety risks. This appears to be the first cyber incident in which the Justice Department has asked a company to delay filing a disclosure with the SEC due to potential national security or public safety concerns. The FBI and the FCC have also launched investigations into the breach.
For more information on how to protect your company from cyberattacks, contact wedoIT.co