AT&T has confirmed that personal data belonging to 73 million customers has been leaked online.
AT&T is a major American telecommunications company that offers services including wireless, landline phone, and internet access.
The data was originally exposed in 2021 may have included Social Security numbers, passcodes (typically four-digit PINs), full names, email addresses, mailing addresses, phone numbers, dates of birth, and AT&T account numbers that were then published on the dark web.
"AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web. While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors,
With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and 65.4 million former account holders. Currently, AT&T does not have evidence of unauthorized access to its systems resulting in theft of the data set.” AT&T's statement released on March 30th reads.
AT&T have stated they have not been able to tell if the breach originated from their own systems or a third party vendor they work with. An investigation has been launched to determine the cause.
Read: Top 10 Most Notorious Hacker Groups in History
“It has come to our attention that a number of AT&T passcodes have been compromised. We are reaching out to all 7.6M impacted customers and have reset their passwords. In addition, we will be communicating with current and former account holders with compromised sensitive personal information,” their 'Keeping Your Account Secure' page reads.
“Our internal teams are working with external cybersecurity experts to analyze the situation. To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”
In an FAQ section AT&T confirms that they have ‘taken precautionary measures and reset passcodes, which is an extra layer of protection for AT&T accounts.’
What to do if your data has been breached?
If your information was impacted in the data breach, AT&T says ‘ you will be receiving an email or letter from [them] explaining the incident, what information was compromised, and what [they] are doing for you in response’
AT&T has encouraged customers to ‘remain vigilant by monitoring account activity and credit reports.’. They go on to recommend setting up fraud alerts from credit bureaus. As well as requesting and reviewing a free credit report at any time.
AT&T have already reset impacted accounts passcodes, but if you haven’t changed your passcode in the last year they also suggest changing it as a precaution. You can change your passcode by:
- Signing into your AT&T Profie
- Selecting my linked accounts
- Selecting edit on passcode
- Following the prompts to change your passcode.