AT&T announced a significant data breach affecting nearly all of its mobile phone customers, marking one of the largest private communications data breaches. The stolen data includes call and text records from May 1, 2022, to October 31, 2022, and some data from early 2023. While the content of communications was not accessed, the potential exists for identifying customer names through other tools. The breach was discovered in April, and AT&T reported it to the FBI, leading to collaborative efforts to address the incident
Public disclosure was delayed due to potential national security risks, but the company worked with the FBI and the Justice Department to address the threat. The Federal Communications Commission (FCC) is also investigating the breach. AT&T reported the breach to the FBI, delayed public disclosure twice due to national security concerns, and has since closed the illegal access point. At least one suspect has been apprehended.
AT&T has taken steps to close off the illegal access point and is cooperating with law enforcement. The company stated that one person has been apprehended in connection with the breach. The FBI confirmed that the investigation involved collaborative efforts to bolster their investigative equities and assist AT&T’s incident response work.
This breach underscores the vulnerability of customer data even with large telecom companies. While the content of the calls and texts was not accessed, the ability to infer customer names through other tools poses a risk.
