Hackers stole call and text records data from “nearly all” of 109 million AT&T Wireless customers, the telecommunications company disclosed on Friday.
The firm said one suspect had been arrested after the records – from May to October 2022 – were illegally downloaded and copied to a third-party platform this April.
The stolen data did not contain the content of calls or texts, but did record the numbers contacted, as well as the number and lengths of interactions, the company said.
The Justice Department said the delayed announcement of the hack was justified on national security grounds.
“We sincerely regret this incident occurred and remain committed to protecting the information in our care,” AT&T said in a statement.
The company said in its filing to the securities and exchange commission it had secured its systems from further similar hacks and did not believe what was stolen was publicly available.
It said it first learned of the breach five days after hackers started stealing data on 14 April. They continued to do so until 25 April, the company said.
Experts have warned that the information could be used to identify work places, approximate home locations, as well as potential colleagues and friends.
The breach comes months after AT&T disclosed that data from 2019 of 73 million former and current customers had been stolen and placed on the “dark web” by fraudsters.
AT&T said it would alert affected customers. Users could also log into their account to see if their data was affected, and request a report that would provide a more “user-friendly” version showing what was compromised.
It warned users to be cautious about email or text requests that ask for personal information.