AT&T announced Friday that hackers stole 2022 data of “nearly all” of its cellular customers off the company's workspace on a third-party cloud platform.

Caption

AT&T announced Friday that hackers stole 2022 data of “nearly all” of its cellular customers off the company's workspace on a third-party cloud platform. / AFP via Getty Images

AT&T says hackers stole 2022 data of “nearly all” of its cellular customers from the company's workspace on a third-party cloud platform.

The Dallas-based telecommunications company announced the massive data breach in a regulatory filing and press release on Friday morning, which said it believes the data is no longer publicly available.

“AT&T has taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access,” it added.

The company wrote that it first learned of the incident in April, but the U.S. Justice Department determined in May and again in June that “a delay in providing public disclosure was warranted” until now.

The Justice Department issued a statement confirming that it's investigating the breach.

"AT&T’s cooperation with the Department in this matter, including its timely advance notification to the FBI, benefited the Department’s ongoing efforts to investigate the incident," the statement says.

AT&T’s investigation found that an unspecified number of “threat actors” exfiltrated files in April containing the records of phone calls and text messages of “nearly all AT&T cellular customers” between May and October 2022, as well as a smaller number of customers on Jan. 2, 2023.

An AT&T spokesperson described the information taken as “aggregated metadata,” holding information about the calls and texts but not their contents.

The records identify other telephone numbers with which affected customers interacted, including AT&T landline numbers, as well as counts of those calls and texts and the total call durations for specific days or months.

“For a subset of the records, one or more cell site ID numbers associated with the interactions are also included,” it adds.

AT&T says the data does not include the substance or time stamps of those calls and texts, nor birthdays, social security numbers or other “personally identifiable information.” Though there is a catch.

“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” it cautions.

AT&T says it is working with law enforcement to arrest the perpetrators, and “understands that at least one person has been apprehended” so far.

The company says it will notify impacted users by text, email or U.S. mail, and has also set up a webpage where current and former customers can check to see if their information was involved.

Those affected can follow an online process to obtain the phone numbers of their calls and texts in the downloaded data. AT&T says the option to request that information will be in place through the end of this year.

And for those concerned about potential phishing and online fraud, it offers some evergreen advice, including not replying to a text from an unknown sender with personal details and making sure websites are secure by looking for the “s” after “http” in the address.

It adds that customers who suspect suspicious text activity should forward the message to AT&T, and report any suspected fraud on their AT&T wireless account to its team.

This is not the first data breach that AT&T has reported this year.

It said in March that it had reset the passcodes of about 7.6 million users after it discovered a dataset on the “dark web” containing Social Security numbers and other personal information of some 70 million current and former account holders.

Separately, AT&T gave $5 to certain customers affected by a nearly 12-hour nationwide outage back in February.

Verizon, Ticketmaster, Dell and Bank of America are among the other companies that have reported major data breaches this year, affecting millions of people altogether.

Correction

This story has been updated to reflect that hackers downloaded the customer data from a third-party platform.