A security breach at AT&T exposed call and text data from nearly all of its customers, the company revealed Friday.
The records of most of AT&T’s cellular customers between May and October 2022, as well as a single day in January 2023, were illegally downloaded from its workspace on a third-party cloud platform, AT&T said.
The data identifies other phone numbers that AT&T customers interacted with and, in some cases, cell site ID numbers associated with the interactions.
The breach did not include the content of customers’ calls or texts, time stamps or any identifying information, such as Social Security numbers or dates of birth. However, AT&T noted that there are other ways to find the name associated with a phone number.
The telecom giant, which first learned of the breach in April, said it has “taken steps to close off the illegal access point” and is working with law enforcement. At least one person has been apprehended, according to AT&T.
“Our top priority, as always, is our customers,” AT&T said in a press release. “We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care.”
Sen. Ron Wyden (D-Ore.) called on the Federal Communications Commission (FCC) to hold phone carriers accountable for their “negligence” in the wake of the massive security breach.
“This is not the first data breach revealed by a major phone company and it won’t be the last,” Wyden said in a statement. “These hacks, which are almost always the result of inadequate cybersecurity, won’t end until the FCC starts holding the carriers accountable for their negligence. These companies will keep shortchanging customer security until it hits them in the wallet with billion dollar fines.”
Updated at 10:45 a.m. ET.