AT&T Finds 73M Customers' Information Leak on “Dark Web,” Rushes to Reset Account Passcodes

AT&T announced this weekend that the theft of sensitive information belonging to millions of its current and former customers had been recently discovered online. Millions of AT&T customers' personal information, like Social Security numbers (SSNs), passcodes, and contact details, had been leaked online.

Leaked Personal Information on the Dark Web

In a statement on Saturday, the largest telecommunication network in the United States, AT&T, released a statement revealing that a dataset recently found on the dark web contained information for approximately 7.6 million current AT&T account holders and 65.4 million former users, totaling around 73 million affected accounts. Still, the company said it remains unclear whether the breach originated from AT&T or one of its vendors. According to the statement, the compromised data appears to be from 2019 or earlier and does not include personal financial information or call history.

AT&T announced plans to notify all 7.6 million existing account holders affected by the breach of their sensitive personal information. The company stated that it had already reset passcodes and Social Security numbers and was actively investigating the incident along with email and mailing addresses, phone numbers, and birth dates.

The Initial Reports of The Breach

Reports about the breach emerged on a hacking forum almost two weeks ago. Still, it remains uncertain whether this leak is connected to a similar breach in 2021, which received widespread attention but was not acknowledged by AT&T. A hacker asserted to have accessed data of 70 million AT&T customers during that time, purportedly including names, addresses, phone numbers, Social Security numbers, and dates of birth, which he had tried to sell for thousands of dollars, according to an auction data from the hacking forum.

According to Troy Hunt, a Cybersecurity expert who spoke with The Associated Press news agency, if AT&T misjudged the severity of the breach and failed to notify affected customers over the course of several years, the company could soon face class action lawsuits. However, a spokesperson for AT&T did not respond immediately to a request for comment on Saturday.

The company's wireless 5G network covers approximately 290 million people throughout the United States, positioning it as one of the nation's largest providers of mobile and internet services.

Hunt, the creator of Have I Been Pwned?, a website that notifies subscribers about data breaches, revealed in a blog post that at least 153,000 of his customers were impacted.

Previous Network Challenges of AT&T

The Dallas-based company also encountered difficulties when an outage temporarily disrupted mobile phone service for thousands of users back in February.

AT&T attributed the incident to a technical coding error rather than a malicious attack, with AT&T being the most severely affected among all the other networks that had been impacted.

Tags
AT&T, Data breach
Real Time Analytics