On Friday, telecommunications giant American Telephone and Telegraph Company (AT&T) announced that it had discovered a major hacking attack in April of this year, affecting approximately 109 million mobile phone users with data including call and text records being illegally downloaded.
The Federal Communications Commission (FCC) stated on Friday that it had intervened to investigate this large-scale hack. AT&T mentioned that the Federal Bureau of Investigation (FBI) has begun an investigation.
AT&T disclosed that hackers illegally obtained phone numbers of “virtually all” mobile users who used the company’s network between May 1, 2022, and October 31, 2022, along with every number those users dialed or texted, including the frequency of interactions and call durations.
The leaked records also included users who were AT&T customers using the company’s wireless network through mobile virtual network operators.
AT&T clarified that records from January 2, 2023, were also part of the data breach but only involved “very few” users.
Fixed-line telephone customers who interacted with the stolen data phone numbers were also affected.
However, AT&T assured that the contents of calls and texts on the breached accounts were not leaked. The stolen data did not include international calls, except for calls to Canada.
AT&T stated: “This data does not include the content of calls or texts, nor does it include personal information such as social security numbers, birth dates, or other personal identifying information.”
Furthermore, AT&T mentioned that the stolen data did not include some details usually seen in usage statements, such as timestamps for calls or texts or user names. However, the company acknowledged that specific phone numbers could potentially be linked to names through publicly available online tools.
The company mentioned that it had initiated an investigation and was collaborating with cybersecurity experts to comprehend the nature of this criminal activity and the extent of its involvement while taking measures to close “illegitimate access points.”
According to the company, the hackers infiltrated a third-party cloud platform to steal data, which was discovered in April this year while dealing with other data leak issues. Following the guidance of the U.S. Department of Justice, the company delayed the public disclosure of this event.
The telecommunications giant stated that the FBI was investigating the incident and at least one person had been arrested. The company pledged to continue cooperating with law enforcement agencies regarding this event.
FCC spokesperson Jonathan Uriarte mentioned: “The agency is conducting an investigation and coordinating with our law enforcement partners.”
AT&T announced that it would notify customers about this incident and establish a website where customers could check if their data had been compromised.
AT&T users can visit att.com/DataIncident for more information.
The company added that this event did not have a substantial impact on its operations.
However, despite this, on Friday, AT&T’s stock price fell by 2% in pre-market trading.