AT&T said in a regulatory filing Friday that a hacker was able to steal the records of calls and texts for "nearly all" of its customers.
The company launched an investigation after finding out on April 19 that a hacker "claimed to have unlawfully accessed and copied AT&T call logs," the company said in a filing with the U.S. Securities and Exchange Commission (SEC).
The hacker illegally gained access to a AT&T workspace on a third-party cloud platform and exfiltrated files containing AT&T records of customer call and text interactions that occurred between May 1 and Oct. 31, 2022, AT&T said in the filing. Data was also compromised for a "very small number" of customers on Jan. 2, 2023, AT&T said in a separate release.
FOX Business reached out to AT&T for comment.
AT&T DATA BREACH EXPOSES 73 MILLION CURRENT, FORMER ACCOUNTS ON DARK WEB, COMPANY SAYS
The data specifically includes records of calls and texts of nearly all of AT&T's cellular customers, customers of mobile virtual network operators using AT&T's wireless network, as well as AT&T's landline customers who interacted with those cellular numbers, the company said.
These records identify things such as telephone numbers with which an AT&T or MVNO wireless number interacted during the afromentioned periods, including telephone numbers of AT&T wireline customers and customers of other carriers and counts of those interactions as well as aggregate call duration for a day or month.
The data does not contain what was said on the calls or in the messages. The hacker also didn't get any personal information such as Social Security numbers or dates of birth.
NEW YORK AG OPENS INVESTIGATION INTO RECENT AT&T OUTAGE
However, while the data doesn't include the customer's name, AT&T said there are often ways to find the name associated with a specific telephone number through certain pubically available online tools.
The company said it launched an investigation into the incident and has "engaged leading cybersecurity experts to understand the nature and scope of the criminal activity."
The company said it also closed off "the point of unlawful access."
GET FOX BUSINESS ON THE GO BY CLICKING HERE
One person has been arrested, though the company is continuing to work with law enforcement to arrest others involved.
This incident is the latest woe facing the company in recent months. It occurred shortly after the company discovered a data breach in March exposing 73 million current and former accounts on the dark web.
AT&T also had back-to-back service issues; a broad network outage in February that lasted about 10 hours, followed by another incident in June.