AT&T(T.US) announced a new large-scale data breach affecting its customers. The company said that the breach affected the call and text data of most mobile customers between May 1, 2022 and October 31, 2022, and that the records of customers using wireless service providers on its network were also breached during the same period. As of writing, AT&T shares are down more than 2% in premarket trading.
This is one of the largest private communications data breaches in recent years. Notably, AT&T also suffered a data breach earlier this year, when the records of about 73 million customers were leaked onto the “dark web.” According to the company, about 7.6 million current customers and about 65.4 million former customers were affected in the latest breach, which included personal information such as social security numbers.
AT&T’s filing shows that the data disclosed on Friday does not include the contents of calls or texts, customer birth dates or Social Security numbers, or the number of calls. However, the company said that while the data does not include customer names, some “publicly available online tools” can be used to link the numbers to people.
According to the filing, an investigation, including cybersecurity experts, has been launched and measures taken to close illegal access points. The filing also shows that AT&T has been working with law enforcement and believes that at least one person involved has been arrested.
Reports have previously indicated that data breaches affecting customers are widespread across the entire U.S. telecom industry. Last December, the Federal Communications Commission (FCC) updated its 16-year-old data breach notification rules to ensure that telecom providers adequately protect sensitive customer information. The rules are designed to “hold carriers accountable for protecting sensitive customer information while empowering customers to protect themselves in the event of a data breach.”