AT&T has finally admitted a data breach affecting 73 million current and former customers. The breach happened several years ago, but the company repeatedly denied it saying that the leaked data didn’t originate from its systems. It acknowledged the breach about two weeks after a threat actor publicly dumped the stolen data on the dark web. The carrier has sent email notifications to affected customers.
AT&T confirms a data breach impacting 73 million customers
In August 2021, a well-known threat actor claimed to have breached AT&T’s security systems and stolen the personal information of over 70 million users. Samples leaked on the dark web contained a wide range of information about AT&T customers, including names, addresses, phone numbers, email IDs, social security numbers, and dates of birth. The hacker offered to sell the entire database for $1 million.
Despite potential privacy and security risks to its customers, AT&T denied suffering a breach. While there hasn’t been any follow-up for over two years, another threat actor shared the database for free on a hacking forum last month. Multiple sources independently verified that the database contains information about AT&T customers, people with online AT&T accounts, or people previously associated with AT&T.
Two weeks later, the carrier giant officially acknowledged that the breach impacted its customers. In a statement to TechCrunch, AT&T said the leak affects 7.6 million current users and 65.4 million former users. Emails sent to affected users state that the breach also compromised account passcodes, which are typically four-digit numbers. The company has reset compromised passcodes from its end.
AT&T still hasn’t identified the source of the leak, though. It does not know “whether the data in those fields originated from AT&T or one of its vendors.” The company says it “does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.” Nevertheless, if you are a current or former AT&T user, you should remain vigilant and actively monitor your account activities and credit reports.
AT&T offers complimentary identity theft and credit monitoring services
According to AT&T, the leaked data set is from 2019 or earlier and does not contain personal financial information or call history. Moreover, the information varied by customer and account. For users who had their sensitive personal information compromised in this leak, the company is offering complimentary identity theft and credit monitoring services. AT&T has put up a support page with more information about the breach and steps to secure your account.
