A security breach at AT&T exposed call and text data from nearly all of its customers, the company revealed Friday.
The records of most of AT&T’s cellular customers between May and October 2022, as well as a single day in January 2023, were illegally downloaded from its workspace on a third-party cloud platform, AT&T said.
The data identifies other phone numbers that AT&T customers interacted with and, in some cases, cell site ID numbers associated with the interactions.
The breach did not include the content of customers’ calls or texts, time stamps or any identifying information, such as Social Security numbers or dates of birth. However, AT&T noted that there are other ways to find the name associated with a phone number.
The telecom giant, which first learned of the breach in April, said it has “taken steps to close off the illegal access point” and is working with law enforcement. At least one person has been apprehended, according to AT&T.
“Our top priority, as always, is our customers,” AT&T said in a press release. “We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care.”