AT&T claims hackers obtained nearly all cellular subscribers' call and text records

Tens of millions of AT&T cellphone users as well as numerous non-AT&T customers had their call and text message records from mid-to-late 2022 exposed due to a large data breach, the telecom firm disclosed on Friday.

According to AT&T, "nearly all" of its cellular customers' phone numbers as well as the customers of wireless providers that use its network between May 1, 2022 and October 31, 2022 are among the exposed data.

Records until January 2, 2023 for a "very small number of customers" are also included in the hack, according to AT&T.

Noting that "at least one person has been apprehended," the telecom behemoth claimed that it discovered the illicit download in April and is collaborating with law authorities. Although call or text content is not included in the files, AT&T claims the information indicates phone numbers that an AT&T number contacted during the relevant timeframes.

"At this time, we do not believe that the data is publicly available," AT&T said in the statement.

“We sincerely regret this incident occurred and remain committed to protecting the information in our care,” the company said in a statement about the latest breach.

As of the end of 2022, AT&T reported having about 110 million wireless customers. AT&T claimed that, with the exception of calls to Canada, no foreign calls were contained in the stolen data.

Although the company recognized that publicly available technologies can frequently correlate identities with specific phone numbers, AT&T insisted that the contents of the conversations or messages, personal information like Social Security numbers, dates of birth, or customer names were not revealed in this event.

Furthermore, according to AT&T, one or more cell site identifying numbers associated with the calls and messages were also made public for an unidentified portion of its records. Such information may disclose one or more parties' general geographic location.

On April 19, AT&T stated that it became aware of a "threat actor's claim to have illegally accessed and copied AT&T call logs." After a follow-up investigation revealed that hackers had exfiltrated material between April 14 and April 25, the corporation claimed to have "immediately" hired experts.

Delays in making public the incident were justified, the Justice Department said in a separate statement, since it might "pose a substantial risk to national security and public safety." The U.S. Federal Communications Commission announced on Friday that it is looking into the security incident.