AT&T says 'nearly every' cell customers' data accessed by hackers in 2022

July 12 (UPI) -- Data from "nearly every" AT&T cellular phone customer was downloaded and accessed by hackers during a six-month period in 2022, the telecommunications giant confirmed Friday.

Customer data including call and text records identifying phone numbers that AT&T phone numbers interacted with and counts of calls or text and total call durations for specific days and months was illegally downloaded from the Dallas-based company's workspace on a third-party cloud platform, AT&T said in a media release.

"Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022, to Oct. 31, 2022, as well as on Jan. 2, 2023," the company said in the statement.

"We started an investigation and engaged leading cybersecurity experts to help us determine the nature and scope of the issue. We have confirmed the access point has been secured."

The company did not say exactly how many customers were affected, but its investor profile claims AT&T "provides more than 100 million U.S. consumers with communications experiences across mobile and broadband."

AT&T said it does not believe the data is publicly available at the present time and said the breach doesn't include content of any calls or texts, time stamps for those exchanges or personally identifiable information such as Social Security numbers or dates of birth.

"While the data doesn't include customer names there are often ways to find a name associated with a number using publicly available online tools," the company said.

The company also said it believes authorities have identified at least one person related to the hack.

"We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended," it said in the statement issued Friday.

AT&T first learned this past April that hackers had accessed its customers' information, according to documents filed with the U.S. Securities and Exchange Commission.

The documents were filed the following month, on May 6, 2024.

The SEC also found AT&T disclosed knowledge of the incident and filed the correct documents in a timely fashion.

This past March, AT&T said it was investigating a security breach after data from nearly 8 million current and 65 million former customers was leaked on the dark web in 2019.

That information included personal information like social security numbers, leading AT&T to issue a message to customers , urging them to change their passwords.