AT&T revealed Friday that a cyberattack breached the data of “nearly all” of its cellular customers and downloaded it to a third-party cloud platform.
The telecom giant has “taken steps” to close off the illegal access point and is working with law enforcement to track down the hackers. At least one person has already been apprehended, AT&T said.
“At this time, we do not believe that the data is publicly available,” AT&T said in a statement.
The stolen data included records of phone call and texts of cellular customers, wireless network customers and landline customers who interacted with cellular customers all between May 2022 and October 2022. The stolen data also includes a small number of customer records from Jan. 2, 2023.
The stolen data does not include the contents of users’ phone calls and text messages, and the hackers did not steal personal information like Social Security numbers or dates of birth, the company said.
The stolen data also does not include time stamps, so the hackers can see which users interacted and how many times, but not when they interacted.
The telecommunications company said it first learned of the data breach in April.
What can hackers do with the stolen data?
Hackers often use stolen data like Social Security numbers, bank information or dates of birth to commit identify theft or fraud. But AT&T said the data breach did not include personal information.
The incident is likely more of a worry for AT&T, who now knows of a greater potential for future breaches. Hackers sometimes use a data breach as extortion to force a company to pay ransom for stolen data.
This is not the first time AT&T has struggled to prevent a data leak. The company reset the passwords of more than 7 million customers in March after a data breach. The company said the hackers may have released customers’ full names and Social Security numbers onto the “dark web,” putting AT&T customers at risk of identity theft.
What should AT&T customers do now?
Although the company assured customers that personal information was not breached, there are steps customers can take to stay on the safe side.
Customers should update their account passwords and monitor their accounts for unusual activity after a data breach.
If customers are worried about a personal information leak, they should monitor their bank account closely and contact their credit card company if they notice suspicious activity.
