“Almost all” call and SMS data of AT&T mobile customers exposed in massive data theft

The call and SMS records of millions of AT&T mobile customers were exposed to a massive data breach in mid to late 2022, the telecommunications company announced on Friday.

AT&T blamed an “illegal download” on a third-party cloud platform that it learned about in April – just as the company was grappling with an unrelated major data breach.

AT&T said the compromised data included the phone numbers of “almost all” of its mobile customers and mobile virtual network operator customers on its network between May 1, 2022 and October 31, 2022.

The data of a “very small number” of customers on January 2, 2023 were also affected, according to AT&T said.

AT&T had around 110 million mobile subscribers at the end of 2022.

The violation also affected AT&T landline customers who have interacted with these mobile numbers.

AT&T said no customer names were exposed in this incident, but the company acknowledged that publicly available tools can often link names to specific phone numbers.

Over and beyond&T said that for an undisclosed portion of its records, one or more mobile identification numbers associated with the calls and text messages were also disclosed. Such data could reveal the approximate geographic location of one or more of the participants.

“At this time, we do not believe that the data is publicly available,” said AT&T said in a statement. “We sincerely regret this incident and remain committed to protecting the information entrusted to us.”

AT&T promised to notify current and former customers whose information was affected and provide them with resources to protect their information.

Although the data theft revealed telephone and SMS data,&T said it did not include the content of the calls or text messages, nor did it include personal information such as social security numbers, dates of birth or other personally identifiable information.

Usage details such as the time of calls and text messages were also not compromised.

AT&T spokesman Alex Byers told CNN that this new incident was “in no way related to an incident that came to light in March.”&T said personal information such as social security numbers of 73 million current and former customers had been published on the dark web.

In the new incident&T told CNN that it learned in April that customer data had been illegally downloaded from its workspace on Snowflake, a third-party cloud platform.

AT&T said it had launched an investigation, hired cybersecurity experts and taken steps to close the “illegal access point.”

The company said it was assisting law enforcement in apprehending those responsible and that it was aware that at least one person had already been arrested.

(The-CNN-Wire & 2024 Cable News Network, Inc., a Time Warner company. All rights reserved.)