CONSUMERS

AT&T calls and texts records stolen in data breach. Here's what Arizona customers need to know

Portrait of Rey Covarrubias Jr. Rey Covarrubias Jr.
Arizona Republic

AT&T announced on Friday that a data breach from 2022 to 2023 compromised the texts and phone calls of many customers, including an unknown number in Arizona.

In April, AT&T discovered calls and texts for "nearly all" customers were illegally downloaded from an online third-party storage platform, the telecom company said in a news release.

Items in the data breach included calls and texts for cellular customers and those on a mobile virtual network operator that used AT&T's towers. AT&T landline customers who interacted with compromised cellular customers would also be impacted by the breach.

There was no identified culprit for the illegal download, according to AT&T.

The breach had a high number of impacted customers between May 1, 2022, and Oct. 31, 2022, with a smaller number of customers separately impacted on Jan. 2, 2023, according to AT&T.

The compromised data included records of phone number usage, detailing the number of calls or texts made and the duration of calls on specific days or months, AT&T reported. The telecom company stated that it does not believe the illegally downloaded information is publicly available online.

Information safe from the data breach included time stamps for the calls or texts, along with much more sensitive details like Social Security numbers or dates of birth, which were excluded from the compromised data, AT&T said.

On Friday, an AT&T spokesperson declined to provide the number of impacted customers in Arizona. "We have not identified the number of customer records that were involved," said Jim Kimberly of AT&T.

Kimberly further declined to provide a number for how many customers AT&T currently has in Arizona.

AT&T reportedly worked with law enforcement after reporting the data breach and said one person had been questioned by police in connection with the breach.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency had started an investigation into the breach, a spokesperson told The Arizona Republic on Friday.

“CISA is aware of the cyber incident reported today and is working with AT&T and US government partners to assess impact. As always, CISA urges all organizations to enforce stringent security measures, including multifactor authentication. We will continue to monitor and provide guidance or assistance, as needed," the spokesperson said.

AT&T said the company would contact customers who were impacted by the data breach.

More about it:After massive AT&T data breach, do users need to do anything?

AT&T reportedly had 100 million U.S. customers in 2023, according to an investor profile on the company's website.