A security breach compromising data from the vast majority of AT&T cellular customers includes calls made to Canada, the telecom giant confirmed to Media.
AT&T said Friday that the breach includes the data of nearly all of AT&T’s cellular customers, which includes more than 100 million individual customers in the U.S. and 2.5 million business accounts.
An AT&T spokesperson confirmed Friday that the data set in question includes calls to Canada. The breach includes aggregated metadata only, not the content of any calls, texts or social security or credit card information.
The compromised data also doesn’t include some information typically seen in usage details, such as the time stamp of calls or texts, the company said. The data doesn’t include customer names, but AT&T said that there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.
The breach occurred in April earlier this year, but a company investigation determined that compromised data includes files containing AT&T records of calls and texts between May 1, 2022 and Oct. 31, 2022.
AT&T’s spokesperson says that the incident took place outside its network and the telecom’s own systems “were not breached.”
AT&T said that it currently doesn’t believe that the data is publicly available.
Also affected are customers of mobile virtual network operators using AT&T’s wireless network, as well as its landline customers interacted with those cellular numbers.
The company said Friday that it has launched an investigation and engaged with cybersecurity experts to understand the nature and scope of the criminal activity. The company continues to cooperate with law enforcement on the incident and that it understands that at least one person has been apprehended so far.