AT&T on Friday announced that hackers obtained data on the calls and text messages of essentially all its customers over a period of several months.
The hacking incident is a significant breach of a major American telecommunications company. The trove of data includes digital traces of voice and text communications — the cellular numbers that customers called or received calls from, numbers that AT&T customers had text exchanges with, the times in which such communications were made.
The data extracted does not include the contents of calls, text messages, personal information such as Social Security numbers and dates of birth or other personally identifiable information.
Nearly all of AT&T’s wireless customers were impacted, the company said in a report filed with the Securities and Exchange Commission Friday morning. AT&T provides mobile and broadband service to more than 100 million U.S. consumers, according to its website. While the data does not include names, there are ways, using publicly available tools, to find the name associated with a specific telephone number.
AT&T does not believe that the data is publicly available, according to a SEC filing.
Metadata or call logs are the types of information that law enforcement typically can only obtain via a subpoena in criminal matters.
The breach involved customer metadata from May 2022 to October 2022 as well as Jan. 2, 2023, the company said. Hackers obtained the information during a period in April this year from an AT&T device within a third-party cloud platform, the company said. In May and then again in June, the U.S. Department of Justice determined a delay in providing public disclosure was warranted.
AT&T is working with law enforcement to arrest the hackers responsible for the breach. At least one person has been apprehended, according to the announcement.
AT&T said it will notify its current and former customers affected by this breach.
“AT&T has taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access,” AT&T said in the SEC filing.
-This is a breaking news story. Return to ajc.com for updates.
©2024 The Atlanta Journal-Constitution. Visit at ajc.com. Distributed by Tribune Content Agency, LLC.
