AT&T has disclosed a significant data breach that compromised user information for nearly all of its mobile phone customers during a six-month period in 2022.

The incident, reported as one of the largest private communications data breaches in recent history, affected millions of customers and highlights potential vulnerabilities in the use of third-party cloud services.

According to the company, the data was accessed on third-party data warehousing tool Snowflake, which recently made headlines for hosting data stolen from Ticketmaster.

In a filing with the Securities and Exchange Commission (SEC), AT&T revealed that an internal investigation in April uncovered that hackers had “unlawfully accessed and copied AT&T call logs” stored on a third-party cloud platform.

Reached for comment by Fast Company, Snowflake sent a statement from Brad Jones, its chief information security officer, who said, “We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.”

Here’s what to know about the breach:

Key details 

• Scope of the breach: The breach involved “records of calls and texts of nearly all of AT&T’s cellular customers,” users of AT&T’s wireless network, and AT&T’s landline customers who interacted with these mobile numbers between May 1, 2022, and October 31, 2022. Additionally, a reportedly smaller group of customers’ data from early January 2023 was affected.
• Data accessed: Hackers accessed call and text interaction records but not the content of calls or texts, nor users’ personal information such as birthdates or Social Security numbers. Although customer names were not leaked, AT&T warned they could potentially be inferred using other publicly available tools.

Impact and response

• Customer notification: AT&T, which had around 110 million wireless subscribers at the end of 2022, will begin informing impacted customers and has implemented additional cybersecurity measures to prevent future incidents.
• Delayed disclosure: The company delayed public disclosure due to the U.S. Department of Justice’s determination that a delay “was warranted” for investigative reasons in May and June.
• Operational and financial impact: AT&T stated that the incident did not materially affect its operations or financial condition. However, Bloomberg noted that the breach could have serious implications for customers, especially those sensitive about their call records.

AT&T continues to work with law enforcement to address the breach and secure its systems. “We understand that at least one person has been apprehended,” the company added.

In April, AT&T also reported a separate hack impacting 7.6 million current and 65.4 million former account holders.