The data contains records of calls and texts between approximately May 1 and
Oct. 31, 2022, and on Jan. 2, 2023.

Hackers stole six months' worth of call and text message records of nearly
every AT&T cellular network customer, the company said Friday, a breach that
has the potential to reveal sensitive information about millions of
Americans.

The company said in an SEC filing that it learned from an internal
investigation that in April, hackers "unlawfully accessed and copied AT&T
call logs" that were saved on a third-party cloud platform.

The data contains records of calls and texts between approximately May 1 and
Oct. 31, 2022, and on Jan. 2, 2023.

The content of the calls and messages was not compromised and customers'
personal information was not accessed — but the records did include phone
numbers. Such information is often called metadata, which is information
about communications, and considered highly sensitive especially when
collected and analyzed at large scales to reveal patterns and connections
between people.

AT&T's wireless network has 127 million devices connected to it, according
to the company's 2023 annual report.

"While the data does not include customer names, there are often ways, using
publicly available online tools, to find the name associated with a specific
telephone number," the company said in its SEC filing.

The Justice Department and the FBI each said it is working with AT&T to
investigate the hack. The FCC also said it had launched an investigation
into the breach.

John Scott-Railton, a senior researcher at the University of Toronto's
Citizen Lab, which focuses on communications technology and security, called
the hack at "megabreach," emphasizing that metadata stolen at this scale has
the potential to be a major national security threat as well as a problem
for businesses and individuals.

"These are incredibly sensitive pieces of personal information and, when
taken together at the scale of information that appears to be included in
this AT&T breach, they presetent a massive NSA-like window into Americans’
activity," he said, nodding to the leaks by Edward Snowden that exposed the
National Security Agency's bulk collection of metadata.

Thomas Rid, a professor of strategic studies and the director of the
Alperovitch Institute for Cybersecurity Studies at Johns Hopkins University,
said metadata can reveal intimate details about people, though he cautioned
that more needs to be learned about what hackers took from AT&T before a
full picture of the threat will be clear.

"If you have somebody’s metadata, you know when they go to work, where they
go to work, where they sleep every night," he said.

AT&T said it has "taken additional cybersecurity measures in response to
this incident including closing off the point of unlawful access." Customers
affected by the hack will be contacted, it said.

The company said the U.S. Justice Department ruled that it should publicly
announce details of the hack — on May 8 and June 5 — but only after an
unspecified delay.

AT&T added that it is assisting law enforcement officers in efforts to
arrest the hackers.

"Based on information available to AT&T, it understands that at least one
person has been apprehended," the company said, without providing further
details.

The company sought to assure customers that, at least as of Friday, "AT&T
does not believe that the data is publicly available."

The filing also said the hack would not impact its operations or negatively
affect its financial results.

Metadata on its own does not include the actual name of a person, though
such information can be easy to find online.

But the hack announced Friday could pose an even greater threat to AT&T
users because of a previous security issue. Some AT&T customer names were
previously released in a breach announced in March, according to Jake
Williams, vice president of research and development at Hunter Strategy, an
IT consultancy. That incident also included Social Security numbers.

"AT&T data previously compromised and released will help threat actors map a
large percentage of the phone numbers in these customer records to the
actual victims impacted," Williams said in an email to NBC News.

Sen. Ron Wyden, D-Ore., said in a statement that the breach was indicative
of the lax legal environment in which telecommunications companies operate.

"This is not the first data breach revealed by a major phone company and it
won’t be the last," he said. "These hacks, which are almost always the
result of inadequate cybersecurity, won’t end until the FCC starts holding
the carriers accountable for their negligence. These companies will keep
shortchanging customer security until it hits them in the wallet with
billion dollar fines."

https://www.nbcnews.com/news/us-news/t-says-hackers-stole-records-nearly-
cell-customers-calls-texts-rcna161507