Months of AT&T call records exposed in data breach

American telecoms giant AT&T revealed on Friday that the call and text logs of its customers were hacked between May and October 2022, and said that at least one person has been arrested.

The company said it learned of the "threat actor's" activity in April but, according to the Department of Justice, a delay in providing public disclosure was warranted.

These threat actors illegally accessed an AT&T workspace on a third-party cloud platform and exfiltrated files containing AT&T records and customers calls and text interactions.

While the data didn't contain call or text content, or any personal information such as Social Security numbers, it would have been possible to identify telephone numbers of AT&T customers. However, the data hasn't yet been made public.

"While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number," AT&T said.

The company said it was working with law enforcement to arrest those involved, and understands that "at least one person has been apprehended".

"AT&T has taken additional cybersecurity measures in response to this incident including closing off the point of unlawful access. AT&T will provide notice to its current and former impacted customers," AT&T said in a regulatory filing.

AT&T futures were down 2.6% at $18.37 in pre-market trading in New York.