- AT&T reports data breach affecting 73 million customer accounts
- Compromised information includes SSNs, passcodes, and contact details
- Investigation underway; passcodes reset for affected customers
Personal information, including Social Security numbers (SSNs), passcodes, and contact information, of millions of current and former AT&T customers was compromised online, according to the multinational corporation.
The largest telecommunications provider in the United States, AT&T, issued a statement on Saturday stating that a recently discovered dataset on the “dark web” contained information for approximately 73 million affected accounts, including 7.6 million current AT&T account holders and 65.4 million former users.
The company stated that it is unknown whether the intrusion “originated from AT&T or one of its vendors.”
The statement continued, “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not comprise call logs or personal financial information.”
AT&T had planned to notify all 7.6 million existing account bearers whose sensitive personal information was compromised regarding the breach. The organisation stated that passcodes had been reset and an investigation was underway.
AT&T added that the compromised information may have also comprised email and mailing addresses, phone numbers, birth dates, SSNs, and passcodes.
Nearly two weeks ago, reports of the breach first surfaced on a cybercrime forum. It is unknown whether the disclosure is associated with a similarly reported breach that occurred in 2021 but went unacknowledged by AT&T.
At the time, a criminal asserted that they had obtained access to the personal information, including dates of birth, names, addresses, phone numbers, and SSNs, of 70 million AT&T customers.
Auction data discovered on a hacking forum indicated that the intruder endeavoured to trade the stolen data for tens of thousands of dollars.
“If they evaluate this and make the incorrect decision, and years have passed without them being able to notify affected customers,” cybersecurity expert Troy Hunt told The Associated Press. “It is likely that the company will soon be subject to class action lawsuits.”
“Invest in your future with Webull UK – get started with free shares.”
Troy, the proprietor of the data breach notification website Have I Been Pwned? He stated in a blog post that a minimum of 153,000 of his clients were impacted.
An earlier February incident impacted the Dallas-based organisation, wherein thousands of users experienced a temporary disruption in mobile phone service due to an outage.
AT&T attributed the incident to a technical coding error rather than a malicious attack. While additional networks were impacted, AT&T was the most severely troubled.
