On Friday, AT&T announced that it had experienced a significant hacking incident in which data from approximately 109 million customer accounts, including records of calls and texts from 2022, was illegally downloaded in April.
The U.S. telecom company revealed that the FBI is investigating the breach and that at least one individual has been arrested. The stolen data was taken from AT&T’s workspace on a third-party cloud platform, representing a significant breach of consumer communication records.
This incident follows a ransomware attack on UnitedHealth Group’s Change Healthcare unit in February, which exposed private data for an estimated one-third of the U.S. population.
AT&T stated that the compromised data includes records of calls and texts for nearly all of its cellular customers, as well as landline customers who interacted with cellular numbers, between May and October 2022. The data does not include the content of calls or texts, or personal information such as Social Security numbers.
Following the announcement, AT&T shares fell 1.2% in early trading. The company had delayed disclosing the hack at the request of the Justice Department.
The FBI, while not identifying any suspects on Friday, confirmed its collaboration with AT&T and the Justice Department during the investigation, sharing key threat intelligence to support AT&T’s incident-response efforts. The Federal Communications Commission also has an ongoing investigation.
Additionally, the compromised data includes records from January 2, 2023, for a small number of customers.
AT&T first learned on April 19 that a hacker claimed to have unlawfully accessed and copied its call logs. The company’s investigation found that hackers had exfiltrated files containing customer call and text records between April 14 and 25. The records identify the telephone numbers customers interacted with and the aggregate call duration, and some records contain one or more cell site identification numbers.
AT&T has since closed the point of unlawful access and believes the data is not publicly available.
In March, AT&T investigated a data set released on the “dark web,” which affected approximately 7.6 million current account holders and 65.4 million former account holders. The company said this data set appeared to be from 2019 or earlier.