AT&T has announced a significant data breach in which hackers accessed six months’ worth of call and text message records from nearly all of its cellular network customers. The breach, which was discovered in April, involved the unauthorized access and copying of AT&T call logs stored on a third-party cloud platform.

The compromised data includes records of calls and texts from May 1 to October 31, 2022, and January 2, 2023. Although the content of the calls and messages was not compromised, the records contain phone numbers, making the metadata highly sensitive. Metadata can reveal patterns and connections between individuals, posing potential privacy risks.

AT&T, which has 127 million devices on its wireless network, stated that while customer names were not included in the stolen data, it is often possible to link phone numbers to individuals using publicly available tools. The company has implemented additional cybersecurity measures and is working with law enforcement to address the breach. One person has been apprehended in connection with the incident.

The Federal Communications Commission (FCC) has launched an investigation into the breach. Experts warn that the scale of the stolen metadata could pose significant national security risks, as it can reveal intimate details about individuals’ daily activities.

AT&T assured customers that the data is not publicly available and that the breach will not impact its operations or financial results. However, concerns remain about the potential misuse of the stolen metadata and the need for stronger cybersecurity measures in the telecommunications industry.