Hold the phone: AT&T reveals hack stole data of ‘nearly all’ customers in 2022

A cyber attack on telecommunications giant AT&T obtained data on “nearly all” of its more than 100m cellphone subscribers .

“We have taken steps to close off the illegal access point,” the company said in a statement on Friday. “We are working with law enforcement in its efforts to arrest those involved in the incident. We understand that at least one person has been apprehended.”

The breach compromised files containing records of calls and texts, mostly between May and October of 2022, identifying telephone numbers customers interacted with, without capturing the content of those interactions or sensitive identification information like Social Security numbers or passwords, according to the company.

The company became aware of the attack in April and reported it to federal officials shortly after, according to the Department of Justice , which said the hack wasn’t initially publicly disclosed to protect the ongoing investigation.

“The most likely beneficiary of this specific data are foreign nation states or foreign actors,” Chris Pierson, chief executive of the cybersecurity company BlackCloak, told The New York Times , describing how the phone data could be used to ascertain the communications network of high-value individuals like national security personnel.

The compromised data was stored by cloud computing company Snowflake , according to The Wall Street Journal, and AT&T has described the hack as information being “illegally downloaded from our workspace on a third-party cloud platform.”

“We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform,” Snowflake’s chief information security officer told Fast Company .

In March, AT&T disclosed that it found a dataset on the “dark web” that contained identifying information like Social Security numbers for about 7.6 million current customers and 65.4 million former ones.

The company will notify those impacted by the recent breach , and customers can request the company send them phone numbers that were accessed using their records.