NEW YORK– Thursday, July 18, 2024 – AT&T acknowledged in an SEC filing on May 6 that a major data breach impacting nearly all of its wireless customers had taken place.
The filing said:
“On April 19, 2024, AT&T Inc. (“AT&T”) learned that a threat actor claimed to have unlawfully accessed and copied AT&T call logs. AT&T immediately activated its incident response process to investigate and retained external cybersecurity experts to assist. Based on its investigation, AT&T believes that threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023, as described below.
It said that the data did not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information.
“Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network.
“These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month. For a subset of records, one or more cell site identification number(s) are also included. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.
AT&T said that additional cybersecurity measures had been put in place in response to this incident including closing off the point of unlawful access.
“AT&T will provide notice to its current and former impacted customers,” it said in the filing.
The company revealed on its website that an unauthorized party accessed an internal workspace on a third-party cloud platform between April 14th and 25th, 2024. This resulted in the exfiltration of customer data related to call and text interactions.
According to AT&T, the compromised data includes phone numbers involved in calls and texts between May 1st, 2022, and October 31st, 2022, with a small number of records from January 2nd, 2023, also affected. The company emphasizes that the content of calls and texts, as well as personal information like social security numbers or names, was not accessed.
AT&T launched an investigation upon discovering the illegal download and has engaged cybersecurity experts to understand the scope of the incident. They are also collaborating with law enforcement agencies in their efforts to identify and apprehend those responsible.
The company has begun notifying affected customers via text message, email, or regular mail. While they are not currently offering identity theft protection, they are urging customers to be cautious of emails or texts requesting personal information and to avoid clicking on links from unsolicited sources.
This incident highlights the growing importance of cybersecurity for telecommunications companies. AT&T assures customers that they have taken steps to close the illegal access point and are committed to protecting customer information.