In April, AT&T discovered that customer data had been illegally downloaded from a third-party cloud platform. An investigation was launched, and leading cybersecurity experts were engaged to understand the extent of the illegal activity. Steps have been taken to close off the illegal access point, and AT&T is working with law enforcement to apprehend those involved. It has been reported that at least one individual has been apprehended.
The investigation revealed that the compromised data includes records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, and AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022, and October 31, 2022. Additionally, records from January 2, 2023, for a very small number of customers were also compromised. The data identifies telephone numbers an AT&T or MVNO cellular number interacted with during these periods and, for a subset of records, includes cell site identification numbers associated with the interactions.
The data does not contain the content of calls or texts, personal information like Social Security numbers, dates of birth, or other personally identifiable information. It also omits typical details seen in usage records, such as timestamps of calls or texts. While customer names are not included, it is often possible to find the name associated with a specific telephone number using publicly available tools.
At this time, AT&T does not believe the data is publicly available.
The company’s top priority remains its customers. AT&T will notify current and former customers whose information was involved and provide resources to help protect their information. The company regrets the incident and remains dedicated to safeguarding the information in its care. Customers can visit att.com/DataIncident for more information.