Telecommunication network AT&T has confirmed the leak of sensitive data belonging to roughly 73 million current and former customers.
The leak, discovered on the dark web, includes personal information such as Social Security numbers, passcodes, and contact details.
The breach impacted about 7.6 million active users and 65.4 million individuals who have previously used AT&T’s services. The source of the leak remains uncertain, and AT&T cannot confirm whether it was directly from their systems or through a third-party vendor.
AT&T, in a statement, said, “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”
AT&T announced plans to notify all 7.6 million existing account holders whose sensitive personal information was compromised in the breach.
The company stated that it had already reset passcodes and initiated an investigation into the incident.
In response to the incident, AT&T has initiated a comprehensive investigation with the assistance of external cybersecurity experts. It has also taken immediate steps to secure affected customers’ accounts, including resetting passcodes.
The company noted, “Our teams are working with external cybersecurity experts to analyze the situation and we have reset passcodes.”
The breach also includes additional personal information such as email and mailing addresses, phone numbers, and birthdates.
Reports of the breach initially emerged on a hacking forum nearly two weeks ago. It remains uncertain whether this leak is connected to a previous breach in 2021, which received widespread coverage but was not acknowledged by AT&T.
Cybersecurity professionals, including Troy Hunt, the founder of the Have I Been Pwned? website, told the Associated Press that AT&T’s repercussions could escalate if it is determined that the company failed to adequately respond to the breach.
Hunt stated, “If they assess this and they made the wrong call on it, and we’ve had a course of years pass without them being able to notify impacted customers.”
The breach revelation follows a period of technical challenges for AT&T, notably a February outage that disrupted service for thousands of users, attributed to a coding error rather than a cybersecurity threat.
The outage also affected some Consumer Cellular, T-Mobile, UScellular, and Verizon subscribers, caused widespread frustration among phone users, and briefly interrupted 911 service in certain communities.
AT&T apologized for the network disruption and gave affected customers a $5 credit.
