ISTANBUL
American telecommunications firm AT&T said Friday that six months of customers’ call and text data were stolen in 2022, according to its filing with the US Securities and Exchange Commission.
The company said it learned on April 19 that “a threat actor” claimed to have unlawfully accessed and copied AT&T call logs, and the firm immediately activated its incident response process to investigate and retained external cybersecurity experts to assist.
AT&T said, based on the investigation, it believes that threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform.
The stolen files contained AT&T records of customer call and text interactions that occurred between around May 1 to Oct. 31, 2022, as well as on Jan. 2, 2023, said the statement.
The data, however, does not contain the content of calls or texts, nor personal information such as customers’ social security numbers, dates of birth, or other personally identifiable information, it said..
“Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators using AT&T’s wireless network,” said the statement.
“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” it added.
AT&T said it has taken additional cybersecurity measures in response to the incident, and it will provide notice to its current and former customers affected from the incident.