Text message and phone call records from “nearly all of” AT&T’s customers were exposed in a data breach two years ago, the company said Friday, the latest hack for the company after personal information from tens of millions of customers was leaked on the dark web earlier this year.
Compromised data was downloaded from a third-party cloud platform targeted in recent hacks.
The data breach includes call and text records from most AT&T customers between May and October 2022, though it does not include the content of any of those calls or texts and it’s likely none of the information has been released publicly, according to AT&T.
The records also include the phone numbers of people contacted by the affected AT&T customers, in addition to the number of times they interacted or call duration.
Personal information like Social Security numbers, dates of birth or other “personally identifiable information” like names weren’t included in the hack, AT&T said, though the company noted there are “often ways” to find names associated with phone numbers.
Records from another breach on Jan. 2, 2023, affected a “very small” number of customers, AT&T said.
The company learned in April that customer data was accessed from a workspace on the third-party cloud platform Snowflake, an AT&T spokesperson told Bloomberg.
AT&T is reportedly working with law enforcement to identify those responsible for the breach, adding at least one person has been arrested so far.
Get Forbes Breaking News Text Alerts: We’re launching text message alerts so you'll always know the biggest stories shaping the day’s headlines. Text “Alerts” to (201) 335-0739 or sign up here.
110 million. That’s how many wireless subscribers AT&T listed at the end of 2022.
AT&T disclosed in May that the personal information, including Social Security numbers, from about 73 million customers was leaked on the dark web. The data set appears to be from 2019 or earlier, the company said, adding there was no evidence of unauthorized access to its systems. AT&T said the passwords for millions of customers were reset after the leak, and it will communicate “proactively” with those affected and offer credit “where applicable.”