AT&T Addresses Illegal Download of Customer Data

In April 2024, AT&T learned that customer data was illegally downloaded from our workspace on a third-party cloud platform. The company launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. Based on its investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between May 1, 2022 - October 31, 2022. The compromised data also includes records from January 2, 2023, for a very small number of customers. The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. At this time, AT&T does not believe that the data is publicly available.