AT&T Addresses Illegal Download of Customer Data
In April, AT&T (NYSE: T) detected illegal downloads of customer data from a third-party cloud platform. An investigation, involving top cybersecurity experts, was promptly launched to assess the criminal activity's scope. Law enforcement efforts led to at least one arrest.
The breach impacted records of calls and texts for nearly all AT&T cellular customers, MVNO customers using AT&T's network, and landline customers whose numbers interacted with cellular numbers between May 1, 2022, and October 31, 2022. Additionally, records for a small subset of customers from January 2, 2023, were affected. The data included telephone numbers and, in some cases, cell site identification numbers but excluded content of communications and personal identifiers like Social Security numbers.
AT&T assures that there is no evidence the data is publicly accessible. The company will notify affected customers and offer resources for data protection. For more information, visit att.com/DataIncident.
- AT&T has taken steps to close off the access point used in the data breach.
- The company's swift action led to at least one arrest in cooperation with law enforcement.
- Customer data, including call and text records for nearly all AT&T cellular users, has been compromised.
- The breach impacts a wide range of customers, including those from MVNOs using AT&T's network and landline customers.
- Potential risk exists due to the availability of tools to identify customer names associated with compromised numbers.
AT&T is working with law enforcement in its efforts to arrest those involved in the incident. For more information, visit att.com/DataIncident.
Based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T's cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T's wireless network, as well as AT&T's landline customers who interacted with those cellular numbers between May 1, 2022 - October 31, 2022. The compromised data also includes records from January 2, 2023, for a very small number of customers. The records identify the telephone numbers an AT&T or MVNO cellular number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions are also included.
The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.
At this time, we do not believe that the data is publicly available.
Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care. Customers can visit att.com/DataIncident for more information.
About AT&T
We help more than 100 million
View original content to download multimedia:https://www.prnewswire.com/news-releases/att-addresses-illegal-download-of-customer-data-302195733.html
SOURCE AT&T
FAQ
What data was compromised in AT&T's April 2024 breach?
Did the AT&T data breach include personal information?
How is AT&T handling the April 2024 data breach?
Is the compromised AT&T data publicly available?
What steps has AT&T taken following the data breach?
