The Courier-Journal (Louisville)
AT&T breach includes 73 million accounts
AT&T is investigating how tens of millions of former and current customers had their personal information leaked on the dark web last month.
In addition to the 7.6 million current AT&T customers affected, the telecom giant said in an announcement last weekend about 65.4 million former customers “had some data released” within the data set, which “appears to be from 2019 or earlier.”
Leaked onto the dark web two weeks ago, the data set had personal information including Social Security numbers and data from “AT&T data-specific fields.”
The “compromised data” does not contain personal financial information or call history, AT&T said.
The company said it is investigating the incident, but added “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”
AT&T said it has contacted all 7.6 million current customers who were impacted and reset their passwords after it learned “that a number of AT&T passcodes have been compromised,” according to its note to customers.
The company will contact all current and past customers whose “sensitive personal information” was compromised and has launched “a robust investigation supported by internal and external cybersecurity experts.”
Additionally, AT&T encouraged “customers to remain vigilant by monitoring account activity and credit reports” and included links to credit bureaus in its note to customers.
Tech news sites CNET and TechCrunch report the data stems from a 2021 breach that AT&T denied then. A portion of that data set appeared online at the time.
Then, last week, the dataset from that breach resurfaced and included sensitive information such as Social Security numbers, home addresses and names, the sites reported.
Cybersecurity software firm MalwareBytes Labs noted the same timeline and advised readers to be alert for scammers pretending to be from AT&T. “If you receive an email, phone call or something similar from someone claiming to be from AT&T be cautious and contact AT&T directly to check it’s real,” the company said.
AT&T added: “As of today, this incident has not had a material impact on AT&T’s operations.”
USA TODAY