AT&T revealed on Friday that decision and textual content data for “almost all” of its mobile prospects have been stolen by cybercriminals throughout a breach that befell in the midst of 2022 and in early 2023.
The Dallas-based telecom large disclosed particulars of the breach in a press launch and in an SEC filing Friday morning. Within the submitting, AT&T says it discovered of the breach, by which name logs have been accessed and copied, on April 19, 2024.
Within the submitting, AT&T mentioned, “The info doesn’t comprise the content material of calls or texts, private info equivalent to Social Safety numbers, dates of start, or different personally identifiable info. Present evaluation signifies that the information contains, for these durations of time, data of calls and texts of almost all of AT&T’s wi-fi prospects and prospects of cellular digital community operators (‘MVNO’) utilizing AT&T’s wi-fi community.”
The breach is only one of a sequence of cybersecurity assaults and privacy-related PR disasters AT&T has handled previously few months. In March, the corporate acknowledged a vendor breach that took place in January and affected 9 million individuals. Later that month, AT&T mentioned it launched an investigation right into a data leak affecting 73 million people associated to knowledge from 2019 or earlier. And in late April, AT&T was certainly one of a number of telecom firms fined by the Federal Communications Fee for selling customer location data.
However this newest breach is notable in that it impacts the overwhelming majority of its wi-fi prospects. The corporate mentioned it plans to notify 110 million of them about what occurred and has set up a webpage with information. AT&T informed the positioning TechCrunch that the theft was associated to knowledge thefts targeting customers of the cloud data company Snowflake.
In an electronic mail to CNET, an AT&T spokesperson reiterated that the stolen knowledge was “aggregated metadata” and didn’t embrace the content material of calls or texts, or different private info equivalent to bank card or Social Safety numbers.
“The incident befell exterior of our community,” the spokesperson mentioned, including that the corporate does not imagine the information is publicly accessible.
In the SEC filing, the corporate mentioned it is working with legislation enforcement on the investigation and that at the least one individual has been arrested thus far in reference to the information theft. A spokesperson informed TechCrunch that the investigation entails the FBI and the Division of Justice.
The FCC said Friday in a publish on X that it’s investigating the AT&T breach.
