AT&T has launched a comprehensive investigation into a significant data breach involving the personal information of approximately 73 million current and former customers. The telecommunications giant disclosed this development in a news release issued on Saturday morning, highlighting the severity of the breach and its potential ramifications.
According to AT&T, the leaked data surfaced on the dark web approximately two weeks ago and includes sensitive details such as customers’ Social Security numbers. The company, however, clarified that it remains uncertain whether the data originated from AT&T’s own systems or from one of its vendors. As of now, AT&T has not uncovered any evidence of unauthorized access leading to the extraction of the dataset.
The leaked data appears to be from 2019 or earlier and notably lacks financial information or specifics about call history, as confirmed by AT&T. The breach impacts an estimated 7.6 million current account holders and 65.4 million former account holders.
In response to the breach, AT&T has initiated measures to mitigate potential risks to affected customers. The company is proactively contacting customers and urging them to reset their account passcodes as a precautionary measure. Additionally, AT&T is advising customers to remain vigilant regarding any suspicious activities related to their accounts or credit reports. To further support affected individuals, AT&T has committed to providing credit monitoring services at its expense where applicable.
News of the data leak first emerged on March 17, when it was posted by an account named “vx-underground.” AT&T, however, initially downplayed the significance of the leak, stating to CNN that there were no indications of a compromise within its systems. The company indicated that it had previously determined in 2021 that the information circulated online did not originate from its systems. Nonetheless, AT&T is now actively investigating the matter to confirm whether the dataset in question aligns with previous instances of data recycling on online forums.
The breach underscores the ongoing challenges faced by telecommunications companies in safeguarding customer data against sophisticated cyber threats, emphasizing the critical importance of robust cybersecurity measures and proactive response strategies.