- AT&T says hackers stole call and text records from "nearly all" of its wireless customers.
- The data includes the phone numbers that customers interacted with.
AT&T says that call and text records from almost all of its wireless customers were stolen in a hack earlier this year.
The carrier said on Friday that it learned in April that customer data had been "illegally downloaded" from its workspace on a third-party cloud platform.
The compromised data includes files containing AT&T records of calls and texts of "nearly all of AT&T's cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T's wireless network, as well as AT&T's landline customers who interacted with those cellular numbers between May 1, 2022 - October 31, 2022."
For a "very small" group of customers, the compromised data also includes records from January 2, 2023, AT&T said.
AT&T said that the compromised records show the telephone numbers an AT&T or MVNO cellular number interacted with. In some cases, the records also include cell site identification numbers.
The data doesn't contain the content of calls or texts, personal information such as Social Security numbers and dates of birth, or time stamps of calls or texts, AT&T said.
"While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number," AT&T said.
"At this time, we do not believe that the data is publicly available," AT&T said.
It added that it had recruited leading cybersecurity experts and had taken steps to close off the illegal access point.
"We are working with law enforcement in its efforts to arrest those involved in the incident," AT&T said. "We understand that at least one person has been apprehended."
The carrier said that it would inform affected current and former customers about the hack. "We sincerely regret this incident occurred and remain committed to protecting the information in our care," it said.