AT&T says hacker stole some data from 'nearly all' wireless customers

AT&T has announced that the company believes a hacker stole records of calls and texts from nearly all of AT&T's wireless customers, according to a financial filing from the company.

"The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information," AT&T said in their statement released early Friday morning. "These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month."

AT&T says it has taken "additional cybersecurity measures" in response to this incident including closing off the point of unlawful access.

AT&T confirmed that it will provide notice to its current and former impacted customers.

"AT&T is working with law enforcement in its efforts to arrest those involved in the incident," the company said. "Based on information available to AT&T, it understands that at least one person has been apprehended. As of the date of this filing, AT&T does not believe that the data is publicly available."

"The incident was limited to an AT&T workspace on Snowflake's cloud platform and did not impact AT&T's network," the company said.

The Justice Department allowed AT&T two national security exemptions and allowed the company not to report the cyber breach publicly until Friday. For some critical infrastructure companies, the U.S. government mandates that at least 72 hours after a cyber breach, companies must report the nature of the attack to the government.

"Consistent with the Department's public guidance, AT&T notified the FBI upon learning of the incident, but prior to AT&T having made its materiality determination," the Department of Justice said in a statement. "AT&T's cooperation with the Department in this matter, including its timely advance notification to the FBI, benefited the Department's ongoing efforts to investigate the incident."

AT&T says the incident has not had a "material impact on AT&T's operations," and AT&T does not believe that the incident is "reasonably likely to materially impact AT&T's financial condition or results of operations."

The Cybersecurity and Infrastructure Security Agency said in a statement they are aware of the incident, and are working with AT&T and other government agencies to assess the impact of the breach.

CISA is the cybersecurity arm of the Department of Homeland Security.

"As always, CISA urges all organizations to enforce stringent security measures, including multifactor authentication. We will continue to monitor and provide guidance or assistance, as needed," the statement said.