The personal data belonging to 73 million current or former AT&T customers has been exposed on the dark web after the firm was breached in 2019.
AT&T admitted that sensitive data including social security numbers, passcodes, email addresses, phone numbers, full names, and addresses were published on the dark web two weeks ago, and has started a mass-reset of passcodes to prevent further damage.
The telecommunications giant said it believes the data was exposed during an incident in 2019, adding that the data does not contain personal financial information or call history.
In a statement published on 30 March 2024, AT&T confirmed the stolen data was associated with around 7.6 million active account holders as well as 65.4 million former customers.
“It has come to our attention that a number of AT&T passcodes have been compromised. We are reaching out to all 7.6M impacted customers and have reset their passcodes,” the firm said. “In addition, we will be communicating with current and former account holders with compromised sensitive personal information.”
AT&T said it was unable to determine whether the leaked data originated from its internal systems or from those of one of its vendors.
“With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed.”
The firm noted there is no evidence of any unauthorized access to its systems that resulted in the exfiltration of data, and the incident has not had a material impact on its operations.
AT&T customers should “assume they’ve been breached”
Customers impacted by the breach should receive an email or letter from AT&T outlining what information was compromised and how they can mitigate potential damages.
In addition to resetting their password, AT&T is encouraging customers to monitor accounts and credit reports for fraudulent activity, advising users to set up free fraud alerts from national credit bureaus such as Equifax or Experian.
Anne Cutler, cyber security expert at Keeper Security, said the amount of sensitive information exposed in the breach is cause for concern, noting threat actors will already be looking to exploit this data.
“The severity of this data breach is significantly heightened because of the Personal Identifiable Information (PII),” she said. “The immediate concern is the potential exploitation of this exposed data, which could lead to various malicious activities such as identity theft, phishing attacks, and unauthorized access to user accounts.”
Cutler listed a number of steps she would advise customers to take in light of the disclosure.
“Current and former AT&T customers should assume they’ve already been breached and act accordingly. Proactive steps individuals can and should take immediately include changing login information for their account with AT&T, getting a dark web monitoring service, monitoring or freezing their credit and practicing good cyber hygiene.”
“By using strong and unique passwords for every account, enabling MFA everywhere possible, updating software regularly and always thinking before they click, individuals can greatly increase their personal cyber security.”
