Key Takeaways
- AT&T said nearly all its cellular customers had call and text records compromised in an April data breach.
- The breach does not include users’ names, but that information could be determined by publicly available tools linking names to phone numbers.
- AT&T believes the leaked data is not currently publicly available.
AT&T (T) said Friday that call and text records from “nearly all” its cellular customers were compromised in a massive data breach in April, sending shares lower.
The breach includes data from May 1, 2022, to Oct. 31, 2022, plus a small amount from Jan. 2, 2023, AT&T said. It does not include customer names or the content of calls or texts, according to the company, which said names could be identified using publicly available tools. AT&T said it believes the data is not currently publicly available.
“In April, AT&T learned that customer data was illegally downloaded from our workspace on a third-party cloud platform,” the company said in a statement. “We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. We have taken steps to close off the illegal access point.”
The company said that in addition to its cellular customers, the breach involved other companies with access to its cellular network and some landline customers.
At least one person has been apprehended, AT&T said.
In February, a widespread AT&T outage affected thousands of cell phone customers. The company said the outage was likely caused by the “the application and execution of an incorrect process used as we were expanding our network, not a cyber attack.”
Shares of AT&T dropped about 1% in early trading Friday.