On Friday, cell service provider AT&T announced they experienced a major data breach in 2022, with the hackers having gained access to “nearly all” call and text records. According to Bloomberg, it is one of the biggest private communications hacks in recent years.

In the company’s official statement, they admitted that the stolen data includes “records of calls and texts of nearly all of AT&T’s cellular customers” as well as other customers that might have tapped into their network.

“AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 – October 31, 2022,” they wrote, adding that a small percentage of customer records from January 2023 were compromised as well.

AT&T claims it first learned of the data breach in April. They first acknowledged it in a regulatory filing in May, and claim to have alerted the FBI shortly after the discovery. Making the news known to the press was delayed twice “due to a potential national security risk or threat to public safety,” according to an Axios reporter who spoke to a company source.

The FBI said it worked closely with AT&T alongside the Department of Justice “through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”

The company claims that the hackers did not gain access to the content or times of the calls and texts, nor to customers’ personal information. They did warn that such content could have been accessed through third-party tools.

The Federal Communications Commission (FCC) has an “ongoing investigation” into the breach in collaboration with other federal agencies, according to a statement made on Friday. AT&T is collaborating and announced they had knowledge “that at least one person has been apprehended.”

In February, AT&T, T-Mobile, and other major service providers saw widespread outages that disrupted numerous communication channels.

The next week, technicians from AT&T determined that the 12-hour nationwide outage of its US network was caused by an “incorrect process,” not by a foreign cyberattack or solar radiation as some sources had suggested. The company offered $7.5 million in compensation to affected users—a payout equivalent to $5 per person.

At the time of the outage, White House spokesman John Kirby told the press that the Federal Communications Commission had alerted the FBI and other agencies to be on standby in case “malicious” activity was discovered, but no further action was taken.

Lawmakers seized on the opportunity to warn of the very real possibility of future cyberattacks on these same systems, with Senate Intelligence Committee Vice Chairman Marco Rubio (R-FL) warning that “it will be 100 times worse when China launches a cyber attack on America on the eve of a Taiwan invasion.”

AT&T said at the time that it would apply a $5 credit to the accounts of affected customers within two billing cycles for a total payout of $7.5 million—equivalent to two-tenths of a percent of the company’s fourth-quarter revenue.

“Despite that impact to the business, I believe this approach is fully manageable while achieving the 2024 business objectives we have set for ourselves and our stated financial guidance,” AT&T CEO John Stankey wrote in a letter from the company.


Shane Devine is a writer covering politics and business for VT and a regular guest on The Unusual Suspects.
