AT&T confirms that personal information from millions of customers was leaked on a dark-web forum in mid-March.
In a statement released March 30 AT&T said: “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
Tech news online newspaper TechCrunch broke the story of the hacking incident and actually alerted AT&T to the breach.
The telecommunications giant is contacting customers and resetting passwords on the millions of customer accounts that were compromised. The data leak included names, email addresses, passcodes and Social Security numbers. Cybersecurity experts have noted similarities to a possible breach from 2021 that AT&T never acknowledged.
The company has offered to cover the cost of identity theft and credit monitoring services for affected customers “where applicable.”
In a safety notice on its customer-support page, AT&T said that the leaked data varies by account but may include full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes.
The company is investigating the incident, but said “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”
AT&T recommended that affected customers reset their passwords and set up free fraud alerts with the nation’s three credit bureaus: Equifax, Experian, and TransUnion.
The data leak news follows a nationwide cellular-service outage for millions of AT&T customers in late February that lasted for nearly 12 hours. AT&T officials say the outage was caused by a software update and was unrelated to a cyberattack. The Federal Communications Commission (FCC) launched a formal investigation into the outage.
This isn’t the first data breach for the company. One of the breaches occurred in 2014 when a rogue employee accessed personal data on about 1,600 customers. And in 2023 the company reported a breach that exposed the data of 9 million customers.
AT&T encouraged “customers to remain vigilant by monitoring account activity and credit reports” and included links to credit bureaus in its note to customers. Our new PII removal solution, MyPrivacy360, actively removes and scans the web for repeatedly exposed data.
