A cyberattack on the telecommunications giant AT&T exposed phone records from “nearly all” of its customers but did not compromise the content of calls or texts, the company said Friday.

“We have taken steps to close off the illegal access point,” AT&T said in a statement. The company said that it was working with law enforcement to identify those involved and that at least one person had been arrested.

The compromised data included files containing AT&T records of calls and texts from more than 100 million cellular customers, wireless network customers and landline customers from May 2022 through October 2022, and records from Jan. 2, 2023, for a small number of customers, the company said.

The records identify the telephone numbers an AT&T cellular number interacted with during those periods, but does not contain the content of calls or texts or information such as Social Security numbers, passwords or other personally identifiable information, the company said. While the data does not include customer names, it is possible to link a name to a phone number using online searches.

“At this time, we do not believe that the data is publicly available,” AT&T said. The company will notify current and former customers whose information was involved in the breach, it added.

Chris Pierson, chief executive of the cybersecurity company BlackCloak, said the incident appears to pose more of a national security concern than a risk to individual consumers. Through data broker records, phone numbers can be traced back to individuals, which could expose communication networks for people in national security roles.