The data of nearly all customers of the telecommunications giant AT&T was downloaded to a third-party platform in a 2022 security breach, the company said Friday, in a year already rife with massive cyberattacks. The breach hit customers of AT&T’s cellular customers, customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers interacted with those cellular numbers.
Quick Read
- AT&T Data Breach: The data of nearly all AT&T customers was downloaded to a third-party platform in a 2022 security breach, the company revealed on Friday.
- Wide-Ranging Impact: The breach affected AT&T’s cellular customers, customers of mobile virtual network operators using AT&T’s network, and landline customers interacting with those cellular numbers.
- Compromised Data: The breach involved records of calls and texts between May 1, 2022, and Oct. 31, 2022, but did not include the content of calls or texts or personal information like Social Security numbers or dates of birth.
- Investigation and Response: AT&T has launched an investigation, engaged cybersecurity experts, and is cooperating with law enforcement. At least one person has been apprehended in connection with the breach.
- Additional Details: The compromised data also included records from Jan. 2, 2023, for a small number of customers, identifying the telephone numbers interacted with and, in some cases, cell site identification numbers.
- Earlier Incidents: This breach follows another in March where a dataset containing Social Security numbers of about 7.6 million current and 65.4 million former AT&T account holders was found on the “dark web.”
- Wider Cybersecurity Concerns: The year has seen several major data breaches, including disruptions at car dealerships due to attacks on software provider CDK Global and a hacking attempt at the Alabama State Department of Education.
- Market Reaction: Shares of AT&T Inc. fell more than 2% before the markets opened on Friday.
The Associated Press has the story:
Data of nearly all AT&T customers downloaded to a 3rd-party platform in a 2022 security breach
Newslooks- (AP)
The data of nearly all customers of the telecommunications giant AT&T was downloaded to a third-party platform in a 2022 security breach, the company said Friday, in a year already rife with massive cyberattacks. The breach hit customers of AT&T’s cellular customers, customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers interacted with those cellular numbers.
A company investigation determined that compromised data includes files containing AT&T records of calls and texts between May 1, 2022 and Oct. 31, 2022. AT&T has more than 100 million customers in the U.S. and almost 2.5 million business accounts.
The company said Friday that it has launched an investigation and engaged with cybersecurity experts to understand the nature and scope of the criminal activity. “The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” AT&T said Friday.
The compromised data also doesn’t include some information typically seen in usage details, such as the time stamp of calls or texts, the company said. The data doesn’t include customer names, but the AT&T said that there are often ways, using publicly available online tools, to find the name associated with a specific telephone number. AT&T said that it currently doesn’t believe that the data is publicly available.
The compromised data also includes records from Jan. 2, 2023, for a very small number of customers. The records identify the telephone numbers an AT&T or MVNO cellular number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions are also included.
The company continues to cooperate with law enforcement on the incident and that it understands that at least one person has been apprehended so far. The year has already been marked by several major data breaches, including an earlier attack on AT&T. In March AT&T said that a dataset found on the “dark web” contained information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.
AT&T said at the time that it had already reset the passcodes of current users and would be communicating with account holders whose sensitive personal information was compromised. There’s also been major disruptions at car dealerships in North America after software provider CDK Global faced back-to-back cyberattacks. And Alabama’s education superintendent said earlier this month that some data was “breached” during a hacking attempt at the Alabama State Department of Education. Shares of AT&T Inc., based in Dallas, fell more than 2% before the markets opened on Friday.