The company said it doesn’t think the records are available online, and that it “has taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access.”
The hack marks just the latest large-scale security incident for AT&T. In late March, the company disclosed that account information from 73 million current and former customers had been leaked to the dark web. A massive cellphone outage in late February disrupted the cellphone services of at least 1.7 million customers, although the company said that incident was caused by a technical error.
The incidents underscore the massive reach of America’s leading wireless carriers. The total number of connected devices on the AT&T network grew to 127 million at the end of 2023, according to the company’s 2023 annual report. That includes roughly 87 million postpaid wireless subscribers.
The company did not specify a client number for the latest breach, saying only that “nearly all” of its wireless customers, as well as mobile virtual network operators and AT&T landline customers, had been affected.
GET CAUGHT UP
Stories to keep you informed
Names and personal information such as Social Security numbers or credit card numbers weren’t compromised, but the carrier warned that cellphone numbers can easily be connected to names through online tools. The company also said the hack wouldn’t be material to its operations or negatively impact its financial results
The breach was discovered in late April and reported to the Department of Justice, which AT&T said has apprehended at least one person. Agency officials did not immediately respond to a request for comment.
The customer data was on a platform operated by the cloud data company Snowflake, according to AT&T. In a news release, the company said it would notify the affected consumers, and provide them with resources to help protect their information.
“We sincerely regret this incident occurred and remain committed to protecting the information in our care,” the company said.
Snowflake, in a statement from company chief information officer Brad Jones, said it hasn’t seen any evidence suggesting a breach of its platform. The company has provided updates on its blog about a “targeted threat campaign” against some of its customers, although it wasn’t immediately clear whether that campaign is connected to the AT&T incident.
“We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform,” Jones said, adding that this was confirmed by investigations from the cybersecurity companies Mandiant and CrowdStrike.
