Telecommunications giant AT&T announced on Friday that it had experienced a large-scale hacker attack in April this year, where data of about 109 million mobile users, including call and text records, was illegally downloaded.
The Federal Communications Commission (FCC) stated on Friday that they have intervened to investigate this major hacker attack incident. AT&T mentioned that the Federal Bureau of Investigation (FBI) has also launched an investigation.
AT&T revealed that hackers illegally obtained phone numbers of “almost all” mobile users who used the company’s network between May 1, 2022, and October 31, 2022, along with every number those users called or texted, including the frequency of interaction and duration of calls.
Among the leaked records were users who used AT&T’s wireless network through mobile virtual network operators.
Records from January 2, 2023, were also included in the data breach, but only a “very small number” of users were affected.
Fixed-line telephone customers who interacted with the stolen data of mobile numbers were also impacted.
However, AT&T clarified that call and message content from compromised accounts was not leaked. The stolen data did not include international calls except those to Canada.
AT&T stated, “The data does not include the content of calls or messages, nor does it include personal identifying information such as social security numbers, birth dates, or other personal identity information.”
AT&T also mentioned that the stolen data did not include some information typically seen in usage details, such as timestamps of calls or messages, or user names. Nevertheless, the company admitted that specific phone numbers can often be linked to names through publicly available online tools.
The company reported that an investigation is underway, collaborating with cybersecurity experts to understand the nature and extent of this criminal act while taking measures to shut down the “illegal access points.”
According to AT&T, hackers infiltrated a third-party cloud platform to steal the data, discovered during the handling of other data breach issues in April this year. Following the advice of the US Department of Justice, the company postponed the public disclosure of this incident.
AT&T stated that the FBI is investigating the matter, with at least one individual already arrested. The company plans to continue cooperating with law enforcement agencies regarding this incident.
FCC spokesperson Jonathan Uriarte stated, “The agency is investigating and coordinating with our law enforcement partners.”
AT&T mentioned that they would notify customers about the incident and create a website where customers could check if their data was compromised.
AT&T users can visit att.com/DataIncident for more information.
The company added that this incident did not have a substantial impact on its operations.
However, despite this, AT&T’s stock price fell by 2% in pre-market trading on Friday.