Nearly all AT&T cell customers’ call and text records exposed in a massive breach

by

By Matt Egan and Sean Lyngaas | CNN

The call and text message records of tens of millions of AT&T cellphone customers and many non-AT&T customers in mid-to-late 2022 were exposed in a massive data breach, the telecom company revealed Friday.

AT&T said the hacked data did not include the content of calls and text messages. At this point, the exposed data is not believed to be publicly available.

AT&T blamed an “illegal download” on a third-party cloud platform that it learned about in April – just as the company was grappling with an unrelated major data leak.

AT&T said the compromised data includes the telephone numbers of “nearly all” of its cellular customers and the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022. The stolen logs also contain a record of every number AT&T customers called or texted – including customers of other wireless networks – the number of times they interacted and the call duration.

The records of a “very small number” of customers on January 2, 2023 were also implicated, AT&T said. The content of the calls and texts were not exposed, according to the company.

AT&T listed approximately 110 million wireless subscribers as of the end of 2022. AT&T said international calls were not included in the stolen data, with the exception of calls to Canada.

The breach also included AT&T landline customers who interacted with those cell numbers.

AT&T said customer names were not exposed in this incident, however the company acknowledged that publicly available tools can often link names with specific phone numbers.

Additionally, AT&T said that for an undisclosed subset of its records, one or more cell site identification numbers linked to the calls and texts were also exposed. Such data could reveal the broad geographic location of one or more of the parties.

“At this time, we do not believe that the data is publicly available,” AT&T said in a statement. “We sincerely regret this incident occurred and remain committed to protecting the information in our care.”

AT&T promised to notify current and former customers whose information was involved and provide them resources to protect their information.

Although the breach exposed phone and text records, AT&T said it does not contain the contents of the calls or texts, nor does it contain personal information such as Social Security numbers, dates of birth or other personally identifiable information.

Usage details such as the time of calls and text messages were not compromised either.

AT&T said it learned on April 19 that a “threat actor claimed to have unlawfully accessed and copied AT&T call logs.” The company said it “immediately” hired experts and a subsequent investigation determined hackers and exfiltrated files between April 14 and April 25.

The company said the US Department of Justice Department determined in May and in June that a delay in public disclosure was warranted. It’s not clear why that the US government requested that data be delayed. CNN has reached out to the Justice Department for comment.

FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! Todays Chronic is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – todayschronic.com. The content will be deleted within 24 hours.

Leave a Comment