In a shocking revelation, AT&T announced on Friday that hackers have successfully stolen six months' worth of call and text message records of nearly every customer on its cellular network. This breach, which occurred in April, has the potential to expose sensitive information about millions of Americans.

According to an SEC filing by the company, the hackers unlawfully accessed and copied AT&T call logs that were stored on a third-party cloud platform. The stolen data includes records of calls and texts made between May 1 and October 31, 2022, as well as on January 2, 2023. While the content of the communications remains uncompromised and customers' personal information has not been accessed, the stolen records do contain phone numbers.

AT&T's wireless network currently boasts a staggering 127 million connected devices, as reported in the company's 2023 annual report. Although the data breach does not disclose customer names, it is important to note that publicly available online tools can potentially link telephone numbers to individuals.

The Federal Communications Commission (FCC) has swiftly launched an investigation into the breach, and they are working closely with law enforcement partners to address the issue. Additionally, AT&T has implemented additional cybersecurity measures to prevent similar incidents in the future.

Experts in the field have raised concerns about the magnitude of this breach. John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab, referred to it as a "megabreach," emphasizing that the stolen metadata poses a significant threat to national security, businesses, and individuals. Metadata, when collected and analyzed on a large scale, can reveal patterns and connections between people.

While acknowledging that metadata can expose intimate details about individuals, Thomas Rid, a professor of strategic studies, urged caution until more information about the exact nature of the breach is known. He stated that metadata can divulge information such as daily routines and locations, highlighting the potential risks involved.

AT&T has assured its affected customers that they will be contacted regarding the breach. Furthermore, the company confirmed that it is cooperating with law enforcement authorities to apprehend the hackers involved. While AT&T believes that the stolen data is not publicly available, it is essential to monitor the situation closely.

It is important to note that this recent breach could compound the risk for AT&T users due to a previous security issue. In March, AT&T experienced a breach that exposed customer names, including Social Security numbers. This previous incident could enable threat actors to correlate a significant number of phone numbers from the stolen records to the actual victims.

Sen. Ron Wyden of Oregon highlighted the breach as evidence of the inadequacy of the legal environment within which telecommunications companies operate. He argued that until the FCC holds carriers accountable for their negligence, these data breaches, resulting from inadequate cybersecurity, will persist.

As this is a developing story, regular updates will be provided as new information emerges.