Hackers stole phone records from nearly all of AT&T’s 110 million wireless customers, the company confirmed Friday. It’s the latest in a series of cyberattacks against businesses and government agencies.

“This one's massive,” says cybersecurity expert and author Scott Schober. “A lot of people are considering it one of the largest data breaches.”

AT&T says cybercriminals hacked into a cloud storage platform back in 2022, but says it did not become aware of the breach until April of this year. The company says it is working with law enforcement to identify the hackers and that one person has already been arrested.

The company wrote in a statement that the stolen data “does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information.” In other words, hackers can see who customers called or texted but not what was actually said. Still, Schober says AT&T customers should be prepared for what may happen next.

“Usually, following breaches of this scope and size, this type of information ends up on the dark web, and what happens? People are going to start calling you,” Schober says. “So be careful not to divulge any further personal information if they're asking for questions or scams, pretending they're with AT&T or another company. Same thing with phishing emails.”

Since no sensitive personal information was apparently compromised, Schober says there’s not much else AT&T customers need to do right now, but he cautions that data breaches like this should serve as a reminder to everyone to keep online information secure, using tools like strong passwords and multi-factor authentication.