AT&T is reporting it was the victim of what is likely one of the largest data breaches of the year, as hackers obtained phone call and text message records of “nearly all of AT&T’s cellular customers,” the company said Friday.
The hack occurred in April on a third-party cloud platform, AT&T said, and impacted people who were customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. The data shows other phone numbers that AT&T customers interacted with, but not the content of the calls and messages, nor time stamps.
“We hold ourselves to a high standard and commit to delivering the experience that you deserve,” the company wrote. “We constantly evaluate and enhance our security to address changing cybersecurity threats and work to create a secure environment for you. We invest in our network’s security using a broad array of resources including people, capital, and innovative technology advancements.”
AT&T, which has nearly 90 million cellphone subscribers, said the hackers also did not gain access to data such as Social Security numbers, dates of birth or other personally identifiable information, including names. However, linking a name that is associated with a phone number is a fairly easy task online.
Affected customers, both current and former, will be contacted directly by the company, informing them of the breach.
AT&T said it is cooperating with law enforcement and at least one person has already been apprehended in conjunction with the data breach.
News of the most recent hack follows a separate data breach in March, which saw the passcodes of 7.6 million customers compromised. The company forced a reset for impacted individuals at the time.