AT&T acknowledges that a hacker stole call records of 'nearly all' of its customers

AT&T reported in an SEC filing that unidentified hackers "unlawfully accessed" the call and text message records of "nearly all" of its customers.

According to the telecommunications company's own inquiries, the cyberattack took place between April 14 and 25. The stolen data belongs both to users of its own mobile telephone services and to those who contract with other mobile operators that use its wireless network.

Although it did not put a figure on the number of people affected, the company claimed in its annual report last year that there were 210 million people connected to its mid-band 5G network.

The stolen data pertains to calls and messages made over nearly six months between May 1 and Oct. 31, as well as on Jan. 2. The company detailed: 

"These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month."

It further cautioned that although the subtracted data does not include customer names, "there are often ways, using publicly available online tools, to find the name associated with a specific telephone number."

Also, "The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information."

The company also assured that it is cooperating with the authorities to arrest those involved and that "it understands that at least one person has been apprehended." 

In addition, it assured that it had taken additional security measures and would inform affected customers.