AT&T on Friday disclosed that hackers had accessed records of calls and texts of "nearly all" its cellular customers for a six-month period between May 1, 2022 to Oct. 31, 2022.
In its statement, AT&T said the compromised data doesn't include the content of the calls or texts, or personal information such as Social Security numbers, birth dates or other personally identifiable information.
The hack also includes records from Jan. 2, 2023 for a "very small number of customers," AT&T said.
The telecom giant said that it learned about the illegal download in April, and that it is working with law enforcement, noting that "at least one person has been apprehended." While the files don't include call or text content, AT&T said the data identifies telephone numbers that an AT&T number interacted with during the periods.
"At this time, we do not believe that the data is publicly available," AT&T said in the statement.
This data breach is separate from one disclosed earlier this year by AT&T, the company told CBS MoneyWatch in an email. In that case, hackers have stolen personal information for millions of current and former AT&T customers, with the fraudsters sharing the data on the dark web.
AT&T data breach: Was I affected?
AT&T said it will alert customers who were impacted via text, email or U.S. mail. It also said people could log into their account, where they'll be able to see if their data was affected.
Customers "can also request a report that provides a more user-friendly version of technical information that was compromised," a spokesperson told CBS MoneyWatch.
AT&T said customers can visit att.com/DataIncident for more information.
Is AT&T providing identity theft protection?
No, AT&T said it's not providing additional protection services at this time.
However, it warned customers to be cautious about email or text requests that ask for personal, account or credit card information.
"For example, bad actors will often send emails that try to get you to click on links that contain malicious software (known as 'phishing')," the company said. "Another technique bad actors use involves sending text messages that attempt to get recipients to reveal important information like passwords or account information ('smishing')."
AT&T recommends that people only open texts or emails from people they know, and advises not to reply with personal information to any text or email from someone you don't know. It also recommends that customers go directly to a company's website rather than clicking on a link in a message or email, since scammers sometimes build fake websites that are designed to look like the real thing.
"In case of suspicious text activity, you may forward it to us so that we can act. Get step-by-step instructions to report unwanted text messages by following this link. Messages forwarded are free and will not count toward your text plan," the company said.
- In:
- Data Breach
- AT&T
Aimee Picchi is the associate managing editor for CBS MoneyWatch, where she covers business and personal finance. She previously worked at Bloomberg News and has written for national news outlets including USA Today and Consumer Reports.