Cybersecurity

AT&T, FBI release statements after ‘nearly all' AT&T customers' cell, text records stolen by hackers

The breach also impacts AT&T landline customers that interacted with affected cellular numbers

Millions of AT&T customers have been impacted by a security breach, the company announced Friday, with hackers stealing six months worth of call and text message records.

The breach also impacts AT&T landline customers that interacted with affected cellular numbers, the company said.

According to NBC News, the company said in an SEC filing that it learned from an internal investigation that in April, hackers "unlawfully accessed and copied AT&T call logs" that were saved on a third-party cloud platform.

The investigation revealed that compromised data included phone and text message records of "nearly all" AT&T customers from May 1, 2022 to Oct. 31, 2022, as well as Jan. 2, 2023.

AT&T added that it is assisting law enforcement in efforts to arrest the hackers. "Based on information available to AT&T, it understands that at least one person has been apprehended," the company said.

By Friday afternoon, both AT&T and the FBI had released statements about the matter.

AT&T's full statement can be found below:

We learned that AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform. We started an investigation and engaged leading cybersecurity experts to help us determine the nature and scope of the issue. We have confirmed the access point has been secured.

Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.

At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended.

The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months.

We’ll notify current and former customers if their information was involved.

The downloaded data doesn’t include the content of any calls or texts. It doesn’t have the time stamps for the calls or texts. It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

While the data doesn’t include customer names, there are often ways to find a name associated with a phone number using publicly available online tools.

Protecting your data is one of our top priorities. We have confirmed the affected access point has been secured.

We hold ourselves to a high standard and commit to delivering the experience that you deserve. We constantly evaluate and enhance our security to address changing cybersecurity threats and work to create a secure environment for you. We invest in our network’s security using a broad array of resources including people, capital, and innovative technology advancements.

The FBI's full statement can be found below:

Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident. In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety. AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work. The FBI prioritizes assistance to victims of cyber-attacks, encourages organizations to establish a relationship with their local FBI field office in advance of a cyber incident, and to contact the FBI early in the event of breach.

How to know if you were impacted by the hack

Customers affected by the hack will be contacted by text, email or U.S. mail, the company said. Those with active AT&T accounts can also check their accounts online.

Prior customers who had service at some point between May 2022 and Nov. 22 will receive a notification with an account and case number if they were affected.

How to protect from online fraud following the hack

"Data breaches are scary; they expose customers’ personal information and leave them more vulnerable to fraud," said Steve Bernas, president and CEO of the Better Business Bureau. "With many recent data breach announcements from all types of industries, it's become clear how common data breaches are, and how important it is to protect yourself and reduce identity theft risks. This is important whether you’re a customer of the affected companies or not.”

AT&T is offering the following tips for those impacted by the hack, as they now may be susceptible to online fraud attempts like phishing:

  • Only open text messages from people that you know and trust.
  • Don’t reply to a text from an unknown sender with personal details.
  • Go directly to a company’s website. Don’t use links included in a text message. Scammers can build fake websites using forged company logos, signatures, and styles.
  • Make sure a website is secure by looking for the “s” after the http in the address. You can also look for a lock icon at the bottom of a webpage.

If you suspect you are a target of fraud on your AT&T wireless number, AT&T asks that you report it to the Fraud team.

The compromised data also includes records from Jan. 2, 2023, for a very small number of customers. The records identify the telephone numbers an AT&T or MVNO cellular number interacted with during these periods. For a subset of records, one or more cell site identification number(s) associated with the interactions are also included.

The company continues to cooperate with law enforcement on the incident and that it understands that at least one person has been apprehended so far.

Shares of AT&T Inc., based in Dallas, fell more than 2% before the markets opened on Friday.

Contact Us