Hackers broke into a cloud platform used by AT&T and accessed the phone records of "nearly all" of its cellular customers, AT&T announced on Friday.
AT&T said the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages across a six-month period between May 1, 2022 and October 31, 2022.
AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller, unspecified number of customers, as well as call records of customers with other cellular carriers that rely on AT&T's network.
Some of the records include cell site identification numbers linked to calls and texts, which can be used to work out the approximate location of where a call was made or message sent.
The downloaded data doesn't include the content of any calls or texts, or their time stamps, according to AT&T. It also doesn't have any details such as Social Security numbers, dates of birth, or other personally identifiable information.
AT&T said it learned of the data breach on April 19, and that it is unrelated to an earlier security incident in March. The company said it does not believe the data is publicly available at this time, and it continues to work with law enforcement to identify and apprehend those involved. At least one person is said to have been arrested.
AT&T told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake's customers. Other companies that have confirmed stolen data from Snowflake include Ticketmaster, QuoteWizard, and others.
Cybersecurity researchers from incident response firm Mandiant say the hacker group is mostly based in the US and those involved are financially motivated.
AT&T customers concerned about phishing and smishing scams should visit the company's support article, which also includes advice on how to protect yourself from online fraud.
