AT&T Admits Data Breach Impacted “Nearly All” Customers

AT&T has admitted to a second security incident so far this year, after a data breach that took place in 2022 and early 2023 impacted “nearly all” its customers.

In March this year AT&T had confirmed it was investigating a cyber incident, after it had come “to our attention that a number of AT&T passcodes have been compromised.”

At the time, it indicated that approximately 7.6 million current account holders had been impacted by the leak, with a total of 65.4 million former account holders affected.

AT&T reset the passcodes of the 7.6 million account holders.

Second incident

But a second breach that impacted 109 million customers was discovered shortly after this on 19 April 2024, which was unrelated to its earlier security incident in March.

The American carrier stated in an update disclosure on Friday that “based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 – October 31, 2022.”

It added that the “compromised data also includes records from January 2, 2023, for a very small number of customers.” It did not specify how many customers this 2023 breach has impacted.

The stolen data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information, said the carrier.

It also does not include some typical information a customer would see in their usage details, such as the time stamp of calls or texts. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number, the carrier admitted.

“At this time, we do not believe that the data is publicly available,” stated the carrier. “Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information.”

“We sincerely regret this incident occurred and remain committed to protecting the information in our care. Customers can visit att.com/DataIncident for more information.

One arrest

It added it is working with law enforcement on the matter, most notably the FBI.

The carrier has confirmed to a number of media outlets, including Reuters, that 109 million customer accounts containing records of calls and texts from 2022 were illegally downloaded.

Media outlets also state that at least one person has been arrested after AT&T call logs were copied from a workspace on a third-party cloud platform.

The FBI has reportedly said it worked with AT&T and the Justice Department “collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

The Federal Communications Commission said it is also has an ongoing investigation.