The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
93°F
Current Conditions
Clear sky
View complete weather report

Color Scheme

Subscribe now

AT&T says phone data of ‘nearly all’ customers was breached in 2022

A cyberattack on telecommunications giant AT&T compromised data that included files containing AT&T records of calls and texts from more than 100 million cellular customers, wireless network customers and landline customers from May 2022 through October 2022, and records from Jan. 2, 2023, for a small number of customers, the company said. (Dreamstime)
By Jenny Gross and Danielle Kaye New York Times

A cyberattack on telecommunications giant AT&T exposed phone records from “nearly all” of its customers but did not compromise the content of calls or texts, the company said Friday.

“We have taken steps to close off the illegal access point,” AT&T said in a statement. The company said it was working with law enforcement to identify those involved and that at least one person had been arrested.

The compromised data included files containing AT&T records of calls and texts from more than 100 million cellular customers, wireless network customers and landline customers from May 2022 through October 2022, and records from Jan. 2, 2023, for a small number of customers, the company said.

The records identify the telephone numbers an AT&T cellular number interacted with during those periods but does not contain the content of calls or texts or information such as Social Security numbers, passwords or other personally identifiable information, the company said.

“At this time, we do not believe that the data is publicly available,” AT&T said. The company will notify current and former customers whose information was involved in the breach, it added.

Chris Pierson, CEO of cybersecurity company BlackCloak, said the incident appears to pose more of a national security concern than a risk to individual consumers.

AT&T has contracts to provide communications services for several federal agencies, including the State Department, Department of Homeland Security and the Department of Defense. The company did not immediately respond to a request for comment on how federal customers’ phone logs may have been affected by the breach.

The Federal Communications Commission said on social media that it was investigating the breach and coordinating with law enforcement.

In a regulatory filing, AT&T said it became aware of the breach in April. The Justice Department requested in May and June that AT&T delay the public disclosure of the incident because of “a substantial risk to national security and public safety,” a spokesperson for the department said.

Customer data was downloaded from a third-party cloud platform called Snowflake, which the company relies on to work with large amounts of data in a centralized place, said an AT&T spokesperson, Jim Kimberly.

Snowflake did not immediately respond to a request for comment.

This article originally appeared in The New York Times.