By David Shepardson
WASHINGTON (Reuters) -AT&T said on Friday the company suffered a massive hacking incident as data from about 109 million customer accounts containing records of calls and text messages dating back to 2022 was illegally downloaded in April.
The US telecom company said the FBI is investigating and at least one person has been arrested after AT&T (NYSE:) call logs from its workspace were copied onto a third-party cloud platform, representing a significant breach of consumers’ communications data.
The AT&T breach is the latest major hack to affect a large number of Americans, following a ransomware attack on UnitedHealth Group’s (NYSE:) Change Healthcare unit (NASDAQ:) in February that affected an estimated one-third of the Americans were hit. country whose private information may have been made public.
AT&T said the compromised data included files containing AT&T records of calls and text messages from nearly all of AT&T’s mobile and landline customers who communicated with those mobile numbers between May and October 2022. The data does not include the content of calls or text messages or personal information such as social security numbers.
AT&T shares fell 1.2% in early trading. AT&T had postponed disclosure of the hack at the request of the Justice Department.
The FBI did not identify any suspects Friday, but said it was working with AT&T and the Justice Department “jointly during the first and second delay processes, while simultaneously sharing key threat information to strengthen FBI investigative tools and support AT&T’s incident response work.”
The Federal Communications Commission said it also has an ongoing investigation.
The compromised data also included records from January 2, 2023 for a small number of customers.
AT&T said it first learned on April 19 that a hacker had claimed to have unlawfully accessed and copied AT&T’s call logs. The company said the investigation revealed that hackers unlawfully exfiltrated files containing AT&T records of customer call and text message interactions between April 14 and 25. The data also includes AT&T customers of mobile virtual network operators using AT&T’s wireless network.
This data identifies phone numbers that a wireless number interacted with during these periods and the total call duration. A subset of records contains one or more cell location identification numbers.
AT&T said it has closed the point of unlawful access and does not believe the data is publicly available.
In March, AT&T said it was investigating a dataset released on the “dark web” and that preliminary analysis showed it had affected approximately 7.6 million current account holders and 65.4 million former account holders. The company said the dataset appeared to be from 2019 or earlier.
