The US Federal Communications Commission said it is investigating a massive breach of AT&T customer data.
1min read The US Federal Communications Commission (FCC) said it is investigating a massive breach of AT&T customer data that includes call and text records for nearly all of its phone customers over the past six months, one of the largest breaches of private communications data in recent memory.
The company said in a filing with regulators Friday that the previously undisclosed breach also includes customer records for wireless service providers that use AT&T’s network from May 1, 2022, to Oct. 31, 2022. The company said it learned of the data breach in April and that the information was illegally downloaded from a third-party cloud platform, which a spokesman said was Snowflake Inc.
AT&T said there were “very few” customers whose records were breached after Jan. 2, 2023.
A spokesman for the FCC, Jonathan Uriarte, said, “The agency is conducting an investigation and coordinating with our law enforcement partners.”
The filing said the data did not include call and text content, personal information such as birth dates and social security numbers, or call durations. But it said the records could identify a phone number or a wireless service provider that used AT&T’s network during those time periods. The company said that while the data did not include customer names, some “publicly available online tools” could be used to link a phone number to an individual.
While much remains unknown about the breach, it could have devastating consequences if the data were made public. That includes people who don’t want others to know who they have called, such as politicians, executives, activists, journalists and their sources.
A report in April said that about 73 million accounts had been breached and their personal information posted on the dark web. A spokesman for the company told Reuters that the data appeared to be from before 2019 and was not related to the breach disclosed on Friday.
AT&T said on Friday that it believed the latest breach had not been made public.
