A staggering breach of AT&T’s network has compromised the call and text records of nearly 110 million customers, the telecommunications giant revealed.
According to Andrea Huguely, AT&T’s spokeswoman, the company will notify customers of the breach, which was first detected on April 19. A Friday filing with the Securities and Exchange Commission revealed that the breach occurred when unauthorized parties accessed an AT&T workspace on a third-party cloud platform, exfiltrating files containing records of customer call and text interactions between May 1, 2022, and October 31, 2022, as well as January 2, 2023.
Although the data does not include the content of calls or texts, it does contain identifying information such as phone numbers and call counts, as well as aggregate call durations for specific dates. In some cases, cell site identification numbers are also included. While Social Security numbers and dates of birth do not appear to have been compromised, AT&T is alerting customers out of an abundance of caution.
Despite the breach occurring three months ago, AT&T filed a delayed disclosure notice with the Department of Justice, receiving approval on May 9 and June 5 to delay public notification.
The company has been working with law enforcement to identify and apprehend those responsible for the breach, and one individual is currently being investigated in connection with the incident.
AT&T said it “does not believe that the data is publicly available” as of Friday.
In a news release on Friday, the company said that “customer data was illegally downloaded from our workspace on a third-party cloud platform.”
As part of its notification efforts, AT&T has established a dedicated webpage for customers to learn more about the breach.
This is not the company’s first breach this year. In March, AT&T resent passcodes for 7.6 million customers after a breach affected about 70 million current and former customers, according to The New York Times.