AT&T announced on Friday that “nearly all” of its customers in 2022 experienced a data breach by one or more hackers.
The telecom giant revealed that records of calls and texts from May to October 2022 were unlawfully downloaded by “threat actors.” AT&T became aware of the issue in April and has been collaborating with cybersecurity experts to “understand the nature and scope of the criminal activity.” The company clarified that only telephone numbers and cell site IDs were accessed by the hackers, and no sensitive data such as text content, Social Security numbers, or birth dates were compromised. However, AT&T did not rule out the possibility that hackers might still identify customer names.
“We are working with law enforcement in its efforts to arrest those involved in the incident,” the company stated on Friday. “We understand that at least one person has been apprehended.”
AT&T emphasized that the breach occurred through a compromised third-party cloud provider, not its in-house servers. The company explained that the hackers accessed the data through its workspace on a separate cloud platform, which Bloomberg reported as Snowflake.
“This incident has not had a material impact on AT&T’s operations, and AT&T does not believe that this incident is reasonably likely to materially impact AT&T’s financial condition or results of operations,” said AT&T in an SEC filing.
By the numbers:
– 242 million: Wireless AT&T customers in the U.S. as of 2023, according to Statista
– 6: Number of months in 2022 for which hackers had nearly all AT&T customer call logs
– $30 billion: AT&T revenues in the first quarter of 2024
– 1.14%: Decline in AT&T’s stock price following news of the hack