By Herzlich
AT&T revealed Friday that a cyberattack breached the data of “nearly all” of its cellular customers after downloading it from a third-party cloud platform.
The telecom giant has “taken steps” to close off the illegal access point and is working with law enforcement to track down the hackers. At least one person has already been arrested, AT&T said.
“We have an ongoing investigation into the AT&T breach and we’re coordinating with our law enforcement partners,” the FCC posted on X.
AT&T said it does not believe the data is public “at this time.”
“The company will notify current and former customers whose information was involved in the breach,” an AT&T spokesperson told.
The stolen data included records of phone calls and texts of cellular customers, wireless network customers and landline customers who interacted with cellular customers all between May 2022 and October 2022. The stolen data also include a small number of customer records from Jan. 2, 2023.
The stolen data do not include the contents of users’ phone calls and text messages, and the hackers did not steal personal information like Social Security numbers or dates of birth, the company said.
The stolen data also do not include time stamps, so the hackers can see which users interacted and how many times, but not when they interacted.
The telecommunications company said it first learned of the data breach in April.
What can hackers do with the stolen data?
Hackers often use stolen data like Social Security numbers, bank information or dates of birth to commit identify theft or fraud. But AT&T said the data breach did not include personal information.
The incident is likely more of a worry for AT&T, which now knows of a greater potential for future breaches. Hackers sometimes use a data breach as extortion to force a company to pay ransom for stolen data.
This is not the first time AT&T has struggled to prevent a data leak. The company reset the passwords of more than 7 million customers in March after a data breach. The company said the hackers may have released customers’ full names and Social Security numbers onto the “dark web,” putting AT&T customers at risk of identity theft.
What should AT&T customers do now?
Although the company assured customers that personal information was not breached, there are steps customers can take to stay on the safe side.
Customers should update their account passwords and monitor their accounts for unusual activity after a data breach.
If customers are worried about a personal information leak, they should monitor their bank account closely and contact their credit card company if they notice suspicious activity.
