AT&T announced on Friday that “nearly all” of its customers in 2022 had their data breached by one or more hackers. The telecom giant reported that records of calls and texts between May and October 2022 were illegally downloaded by “threat actors.” AT&T discovered the issue in April and has been collaborating with cybersecurity experts to understand the nature and scope of the criminal activity.
The company stated that only telephone numbers and cell site IDs were obtained by the hackers, not other sensitive data such as the content of texts, Social Security numbers, and birth dates. However, AT&T did not rule out the possibility that hackers could uncover customers’ names.
AT&T is working with law enforcement to apprehend those involved in the breach, with at least one person already detained. The company clarified that a third-party cloud provider was compromised, not AT&T’s in-house servers. The data was accessed through a workspace on a separate cloud platform, which Bloomberg identified as Snowflake.
In an SEC filing, AT&T mentioned that the incident has not significantly impacted its operations and is not expected to materially affect its financial condition or results.
Statistics show that AT&T had 242 million wireless customers in the U.S. as of 2023, according to Statista. The breach compromised call logs for six months in 2022. Despite the hack, AT&T reported $30 billion in revenue for the first quarter of 2024. Following the news of the breach, AT&T’s stock price fell by 1.14%.