Network operator AT&T has revealed they suffered a massive hack with call and text data of nearly 109 million customers illegally downloaded.
The company, in a regulatory filing Friday, said the stolen data included records of calls and texts of nearly all customers that were sent over a five month period in 2022.
They said the call logs were copied from its workspace on a third-party cloud platform, as reported by the MailOnline .
The FBI has launched an investigation and at least one person has been arrested.
Read more: AT&T customers 'can't make calls' in nationwide outage as users receive 'call failed' when dialing 911
AT&T said it first learned of the data breach in April this year. The data breach includes records of calls and texts sent between May and October 2022, but does not contain the content of calls or texts or personal information such as social security numbers.
Additionally, the compromised data also includes records from January 2, 2023, for a very small number of customers.
AT&T revealed that it first became aware on April 19 that a hacker had claimed to have unlawfully accessed and copied AT&T call logs.
Following an internal investigation, the company discovered that the hackers, between April 14 and April 25, unlawfully downloaded files containing AT&T records of customer call and text interactions.
These records also include AT&T customers of mobile virtual network operators using AT&T's wireless network.
The company said Friday that it has launched an investigation and engaged with cybersecurity experts to understand the nature and scope of the criminal activity.
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” AT&T said Friday.
These records identify telephone numbers with which a wireless number interacted during these periods and aggregate call duration.
A subset of records includes one or more cell site identification number.
In response, AT&T said it has implemented additional cybersecurity measures including closing off the point of unlawful access.
The telecom giant is cooperating with law enforcement and said it delayed public notification after the Justice Department determined it was warranted.
AT&T added it does not believe that the data is publicly available.
The company also stated that the incident has not had a material impact on AT&T's operations. However, AT&T shares dropped 2.7 per cent in pre-market trading Friday after the telecom firm confirmed the breach.
AT&T said that it currently doesn’t believe that the data is publicly available.
The company continues to cooperate with law enforcement on the incident and that it understands that at least one person has been apprehended so far.
The year has already been marked by several major data breaches, including an earlier attack on AT&T. In March AT&T said that a dataset found on the “dark web” contained information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.
AT&T said at the time that it had already reset the passcodes of current users and would be communicating with account holders whose sensitive personal information was compromised.
Most Popular
Comments / 0