1 year ago
22
The telephone and substance connection records of tens of millions of AT&T cellphone customers successful mid-to-late 2022 were exposed successful a monolithic information breach, the telecom institution revealed Friday.
AT&T blamed an "illegal download" connected a third-party unreality level that it learned astir successful April - conscionable arsenic the institution was grappling with an unrelated large information leak.
AT&T said the compromised information includes the telephone numbers of "nearly all" of its cellular customers and the customers of mobile virtual web operators connected its web betwixt May 1, 2022 and October 31, 2022.
The records of a "very tiny number" of customers connected January 2, 2023 were besides implicated, AT&T said.
AT&T listed astir 110 cardinal wireless subscribers arsenic of the extremity of 2022.
The breach besides included AT&T landline customers who interacted with those compartment numbers.
AT&T said lawsuit names were not exposed successful this incident, nevertheless the institution acknowledged that publicly-available tools tin often nexus names with circumstantial telephone numbers.
Additionally, AT&T said that for an undisclosed subset of its records, 1 oregon much compartment tract recognition numbers linked to the calls and texts were besides exposed. Such information could uncover wherever the wide geographic determination of 1 oregon much of the parties.
"At this time, we bash not judge that the information is publically available," AT&T said successful a statement. "We sincerely regret this incidental occurred and stay committed to protecting the accusation successful our care."
AT&T promised to notify existent and erstwhile customers whose accusation was progressive and supply them resources to support their information.
Although the breach exposed telephone and substance records, AT&T said it does not incorporate the contents of the calls oregon texts, nor does it incorporate idiosyncratic accusation specified arsenic Social Security numbers, dates of commencement oregon different personally identifiable information.
Usage details specified arsenic the clip of calls and substance messages were not compromised either.
AT&T spokesperson Alex Byers told CNN that this caller incidental has "no transportation successful immoderate way" to an incidental disclosed successful March. At that time, AT&T said idiosyncratic accusation specified arsenic Social Security numbers connected 73 cardinal existent and erstwhile customers was released onto the acheronian web.
In the caller incident, AT&T told CNN it learned successful April that lawsuit information was illegally downloaded from its workspace connected Snowflake, a third-party unreality platform.
AT&T said it launched an investigation, hired cybersecurity experts and took steps to adjacent the "illegal entree point."
The institution said it's cooperating with instrumentality enforcement's efforts to apprehend those liable and understands astatine slightest 1 idiosyncratic has already been arrested.
(The-CNN-Wire & 2024 Cable News Network, Inc., a Time Warner Company. All rights reserved.)
