AT&T has reported that criminals have stolen the phone records of “nearly all” of its customers in a new data breach.

AT&T, the U.S. telecommunications giant, has disclosed a major data breach affecting almost all of its customers, in which cybercriminals accessed and stole extensive phone records. A spokesperson confirmed to TechCrunch on Friday that AT&T will soon begin notifying millions of consumers about the breach.

In a statement, AT&T revealed that the stolen data encompasses phone numbers from both cellular and landline customers, as well as detailed call and text metadata. This includes information on who contacted whom via phone or text messages during a six-month period spanning from May 1, 2022, to October 31, 2022. Additionally, some more recent records from January 2, 2023, for a smaller subset of customers were also compromised.

The breach also impacted AT&T’s customers who use other cellular services relying on AT&T’s network. Notably, the stolen data does not include the content of calls or texts but covers details such as call durations, total counts of calls and texts, and metadata that can be described as non-content information.

Among the exposed information are cell site identification numbers linked to phone calls and text messages, which can reveal the approximate locations where calls or texts were made.

AT&T plans to notify approximately 110 million affected customers about the breach. The company has published a dedicated website providing information and resources for customers affected by this incident. Furthermore, AT&T has formally disclosed the breach in regulatory filings before the market opened on Friday.

The breach, according to AT&T, was detected on April 19 and is confirmed to be unrelated to a previous security incident reported in March. AT&T’s spokesperson, Andrea Huguely, informed TechCrunch that the recent compromise of customer records stemmed from a data breach at Snowflake, a prominent cloud data provider. It remains unclear why AT&T was storing customer data with Snowflake, and the company declined to elaborate on this aspect.

This incident marks AT&T as the latest victim among a recent spate of data breaches affecting Snowflake’s clientele, including companies like Ticketmaster and LendingTree’s QuoteWizard subsidiary.

Snowflake attributed the breaches to a lack of multi-factor authentication (MFA) implementation by its customers, a security measure that the cloud data provider did not enforce or mandate for its users.

Cybersecurity incident response firm Mandiant, engaged by Snowflake to assist in customer notifications, reported that approximately 165 of Snowflake’s customers experienced significant data theft from their accounts. Mandiant attributed these breaches to a cybercriminal group identified as UNC5537, characterized as financially motivated and operating across North America, with at least one member based in Turkey.

Several corporate victims of the Snowflake account breaches subsequently had their data published on well-known cybercrime forums. AT&T, however, stated that it does not believe the stolen data is publicly accessible at this time.

In response to the breach, AT&T is actively collaborating with law enforcement agencies to apprehend the cybercriminals involved. The company confirmed that at least one individual has been arrested in connection with the breach. Huguely clarified that the arrested person is not an AT&T employee and redirected inquiries regarding the alleged criminals to the Federal Bureau of Investigation (FBI).

An FBI spokesperson verified to TechCrunch on Friday that following AT&T’s notification of the breach, AT&T, the FBI, and the Department of Justice (DOJ) cooperated to delay public and customer notifications on two occasions. This delay was implemented due to perceived “potential risks to national security and/or public safety,” the FBI spokesperson disclosed.

This incident represents AT&T’s second security breach reported this year. Earlier, the company was compelled to reset the account passcodes for millions of customers after encrypted customer account information surfaced on a cybercrime forum. Security experts warned that the encrypted passcodes could potentially be decrypted, prompting AT&T’s precautionary measures to safeguard customer accounts.


© TechMub. All rights reserved.