The News
A massive data breach exposed the call and text message logs of “nearly all” of AT&T customers, as well as many non-AT&T users between May and October 2022, the company said Friday. At least one person had been apprehended in connection with the hack, according to AT&T, and the FCC said it was investigating the incident.
The data, which was leaked in April, doesn’t include the contents of phone calls and messages or customers’ identifiable personal information such as names, social security numbers, or dates of birth, but it does expose the phone numbers and logs of millions of AT&T’s wireless customers and users of other providers that rely on its network. The data of a “very small number” of customers from January 2, 2023 was also involved, the company said.
The breach appears to have happened when hackers accessed AT&T’s workspace on a third-party cloud platform.
The company acknowledged that while customer names were not made public, it was possible to find names connected to phone numbers using publicly available online tools.
AT&T found out about the leak in mid April, but said the Department of Justice determined that a delay in disclosing the breach was warranted.
The disclosure comes just days after a report showed that billions of passwords had been leaked in potentially the biggest incident of its kind, and massive ransomware attacks earlier this year targeted US health tech company Change Healthcare, as well as the UK’s National Health Service. An International Monetary Fund study estimated that ransomware attacks have more than doubled since the pandemic.