AT&T has assured that the compromised data is not believed to be publicly available and does not include sensitive personal details like Social Security numbers, dates of birth, or other personally identifiable information
AT&T has admitted to a security breach in 2022, revealing that the data of nearly all its customers was downloaded to a third-party platform.
The telecom giant confirmed this on Friday amid a rising tide of cyberattacks targeting businesses, schools, and health systems around the world. The breach affected AT&T’s mobile users, those using its network through other mobile virtual network operators, and landline customers who had interactions with these mobile numbers.
Despite the scale of the breach, AT&T has assured that the compromised data is not believed to be publicly available and does not include sensitive personal details like Social Security numbers, dates of birth, or other personally identifiable information.
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” the company stated on Friday. Moreover, the company clarified that the exposed data lacks certain details typically found in usage records, such as call or text time stamps and customer names. However, AT&T did acknowledge that it’s often possible to link telephone numbers to names using online tools.
An internal probe by AT&T uncovered that the leaked files contained records of calls and texts spanning from May 1, 2022, to October 31, 2022. With a massive customer base exceeding 100 million in the US alone and nearly 2.5 million business accounts, the implications of the breach are extensive.
In response to the incident, AT&T announced on Friday that it has initiated an in-depth investigation and is collaborating with cybersecurity specialists to grasp the full extent of the illicit access.
The compromised data also includes records from 2nd January 2023, for a small number of customers. These records reveal the phone numbers an AT&T or MVNO cellular number interacted with during these periods. For some records, one or more cell site identification number(s) associated with the interactions are also included.
The company is actively cooperating with law enforcement on the incident and it’s understood that at least one person has been apprehended so far.
This year has already seen several significant data breaches, including a previous attack on AT&T. In March, AT&T revealed that a dataset found on the “dark web” contained information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.
Some car dealerships are still resorting to pens and paper to finalise deals following consecutive cyberattacks last month on a company that provides them with software. That company, CDK Global, is still striving to restore normal operations.
Earlier this month, Alabama’s education superintendent announced that some data was “breached” during a hacking attempt at the Alabama State Department of Education. Cybersecurity experts are issuing warnings that hospital systems across the country, which have already been targeted, are at risk of further attacks and that the US government is not doing enough to prevent breaches.
AT&T customers can visit att.com/DataIncident for more information. Shares of Dallas-based AT&T Inc. experienced a minor drop on Friday.
