AT&T Inc. reported a significant cybersecurity incident in a recent SEC filing. On April 19, 2024, the company discovered that a threat actor claimed to have accessed and copied AT&T's call logs. The breach occurred between April 14 and April 25, 2024, on a third-party cloud platform, compromising records of customer call and text interactions from May 1 to October 31, 2022, and on January 2, 2023. The data included call and text records, interaction counts, and aggregate call durations but did not contain the content of communications or personally identifiable information. AT&T has notified law enforcement and is working with them to apprehend those responsible. One suspect has been arrested. The company has taken steps to secure its systems and will notify impacted customers...Show More

AT&T Inc. reported a significant cybersecurity incident in a recent SEC filing. On April 19, 2024, the company discovered that a threat actor claimed to have accessed and copied AT&T's call logs. The breach occurred between April 14 and April 25, 2024, on a third-party cloud platform, compromising records of customer call and text interactions from May 1 to October 31, 2022, and on January 2, 2023. The data included call and text records, interaction counts, and aggregate call durations but did not contain the content of communications or personally identifiable information. AT&T has notified law enforcement and is working with them to apprehend those responsible. One suspect has been arrested. The company has taken steps to secure its systems and will notify impacted customers. Despite the breach, AT&T does not anticipate a material impact on its operations or financial results. The disclosure was delayed until May 9 and June 5, 2024, upon the U.S. Department of Justice's determination that it was warranted under Form 8-K regulations. The incident report was filed with the SEC on July 12, 2024.