AT&T revealed Friday that a cyberattack breached the data of “nearly all” of its cellular customers and downloaded it to a third-party cloud platform.
The telecom giant has “taken steps” to close off the illegal access point and is working with law enforcement to track down the hackers. At least one person has already been apprehended, AT&T said.
“At this time, we do not believe that the data is publicly available,” AT&T said in a statement.
The stolen data included records of phone call and texts of cellular customers, wireless network customers and landline customers who interacted with cellular customers all between May 2022 and October 2022. The stolen data also includes a small number of customer records from Jan. 2, 2023.
The stolen data does not include the contents of users’ phone calls and text messages, and the hackers did not steal personal information like Social Security numbers or dates of birth, the company said.
The stolen data also does not include time stamps, so the hackers can see which users interacted and how many times, but not when they interacted.
The telecommunications company said it first learned of the data breach in April.
What can hackers do with the stolen data?
Hackers often use stolen data like Social Security numbers, bank information or dates of birth to commit identify theft or fraud. But AT&T said the data breach did not include personal information.
The incident is likely more of a worry for AT&T, who now knows of a greater potential for future breaches. Hackers sometimes use a data breach as extortion to force a company to pay ransom for stolen data.