AT&T has announced a significant security breach involving the illegal download of data from approximately 109 million customer accounts. This incident, which involved records of call and text interactions from 2022, was detected in April and is currently under investigation by the FBI. The breach occurred when hackers accessed AT&T's data stored on a third-party cloud platform.
The data, while not including the content of the communications or sensitive personal information like social security numbers, encompasses detailed records of interactions between nearly all of AT&T’s cellular and landline customers during May to October 2022. Additionally, the breach includes some data from as recently as January 2023 affecting a limited number of customers.
This breach follows several other major cybersecurity incidents, including a ransomware attack on UnitedHealth Group's Change Healthcare in February, which potentially exposed private data of one-third of the US population.
Following the discovery, AT&T delayed the public announcement at the request of the Justice Department to avoid compromising the ongoing investigation. The FBI has collaborated closely with AT&T, sharing crucial threat intelligence to aid in response efforts. The Federal Communications Commission is also conducting an investigation into the incident.
AT&T's shares saw a decline of 1.2% in early trading following the news. The company has since secured the vulnerability that allowed the breach and stated that it does not believe the stolen data has been made publicly available. Further, AT&T is continuing to investigate a separate data set from 2019 or earlier that appeared on the dark web in March, affecting millions of current and former account holders.