AT&T this week is letting customers and former customers know about a major data leak, and it is sending out emails and resetting passcodes to prevent unauthorized account access.
7.6 million customers and 65.4 million former customers have had their passcodes stolen and have had sensitive data leaked. AT&T claims that there was no unauthorized access to its systems resulting in the theft of the data set, with the information obtained several years ago.
Back in 2021, a hacking group said that it had stolen information on 70 million AT&T customers. AT&T at the time said that it had not suffered a breach, and the company still insists that the data did not come from its systems. Customer information leaked includes names, addresses, birth dates, AT&T account numbers, phone numbers, email addresses, and social security numbers, along with passcodes.
The data was not made public until March 2024, but now that it is out in the wild, AT&T has initiated passcode resets and says that it is working with external cybersecurity experts to further analyze the situation.
The company says leaked data does not include financial information or call history, and it will be providing complimentary identity theft and credit monitoring services for those who had their personal information compromised.
AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web. While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors.
With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and 65.4 million former account holders. Currently, AT&T does not have evidence of unauthorized access to its systems resulting in theft of the data set.
Impacted current and former customers will be receiving a letter or an email from AT&T.
Top Rated Comments
The issue is AT&T did not do anything until the data appear in the wild. That is deplorable.
2024: data on 63,000 Verizon employees ('https://www.csoonline.com/article/1306308/verizon-employee-compromises-personal-data-of-63000-colleagues.html') compromised
2023: data on estimated 7.5 million Verizon customers ('https://www.androidpolice.com/verizon-data-breach-2023/') leaked
2017: data on 6 million Verizon customers ('https://www.theverge.com/2017/7/12/15962520/verizon-nice-systems-data-breach-exposes-millions-customer-records') exposed
2016: data of 1.5 million Verizon Enterprise Solutions customers ('https://www.usatoday.com/story/tech/news/2016/03/25/15-million-customers-verizon-anti-hacker-unit-hacked/82251118/') gets leaked