AT&T suffered a vast cyber security breach earlier this year, with hackers accessing the call and text message information of “nearly all” the US telecoms company’s tens of millions of wireless subscribers.
Over 11 days in April, “threat actors” accessed and copied records of customer calls and texts from a period of several months in 2022 as well as on January 2, 2023, the company said in a regulatory filing on Friday.
The compromised data included files related to “nearly all” of its cellular customers, customers of mobile virtual network operators (MVNO) using its wireless network as well as AT&T’s landline customers who interacted with those cellular numbers between May and October 2022. The company said the breach from January 2 affected “a very small number of customers”.
Dallas-based AT&T joins a growing list of big US companies that have contended with cyber security breaches over the past year, with healthcare giant UnitedHealth, consumer group Clorox, casino operators MGM Resorts International and Caesars Entertainment, and Supreme and North Face owner VF Group among those that revealed hacks.
AT&T reported it had more than 100mn wireless subscribers at the end of March, according to its most recent earnings report, making it the second-biggest wireless carrier in the US by customers and revenue after Verizon.
AT&T said it started an investigation after learning on April 19 of the breach, and that the US Department of Justice in May and June determined a delay in providing public disclosure was “warranted”.
The company added that it was “working with law enforcement” to arrest the people involved, and that “at least one person has been apprehended”.
AT&T said the data, which it does not believe is publicly available, did not contain the content of calls or texts, or personal information, such as social security numbers, dates of birth or other personally identifiable information. The company warned, though, that while the accessed information did “not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number”.
The records identified telephone numbers with which an AT&T or MVNO number interacted during the periods, including those of other carriers, as well as “counts of those interactions, and aggregate call duration for a day or month”, according to the company.
AT&T said the incident had “not had a material impact” on its operations and the company did not believe it was “reasonably likely to materially impact AT&T’s financial condition or results of operations”.
Shares in AT&T were down 2.4 per cent in pre-market trading on Friday.
The company added it had taken additional cyber security measures in response to the incident including “closing off the point of unlawful access”, and would provide notice to its current and former impacted customers.