The AT&T data breach revealed earlier this week may have affected up to half a million users in the UK, analysis shows.
Surfshark data shows that while US users make up the bulk of affected customers with 62 million email addresses exposed, a significant number of global users were also affected.
UK users were the second most affected by the breach, figures show, with 495,000 users affected. The names of 486,000 people were exposed, along with the cities of 460,000, the phone numbers of 457,000 and the birth dates of 141,000.
In total, a total of 2.7 million records belonging to people in the UK were exposed.
Anne Cutler, a cybersecurity expert at Keeper Security, said the exposure of customer data outside the U.S. highlights the scale of the breach and its far-reaching global impact.
Cutler warned that customers should take immediate steps to protect themselves from potential subsequent attacks by cybercriminals, such as phishing.
“In cases where personal information is stolen, data breach threats persist even after it has been discovered and contained,” he said.
“It is imperative that both current and former AT&T customers take proactive steps to protect themselves from cybercriminals who use their personal information for identity theft and targeted attacks.”
AT&T said it has taken precautionary measures in the wake of the breach and is contacting those whose sensitive personal information has been compromised to offer free credit monitoring and identity theft services.
It has now also reset the passwords of millions of affected customers, following suggestions that encrypted passwords that were part of the breach could be cracked and used to access customer accounts.
AT&T also suggested that customers should monitor their account activity and credit reports, and set up free fraud alerts from credit bureaus.
AT&T faces a series of lawsuits
AT&T could face additional pressure in the coming months as at least one lawsuit has been filed in the United States.
Injury law firm Morgan & Morgan claims in a class action lawsuit on behalf of Patricia Dean of Illinois that AT&T knew of the vulnerability that led to the breach and allowed it to occur by failing to act.
A hacking group called Shinyhunters, he said, announced data on more than 70 million AT&T users, including full names, email addresses, physical addresses and, in some cases, Social Security numbers and dates of birth in 2021.
“We are… alleging that AT&T exacerbated the problem by failing to acknowledge that the breach had occurred until March 30 of this year, allowing customers' personal data to remain in criminal hands without their knowledge for more than two and a half years “. years,” the court documents read.
It seeks damages and monetary compensation, along with lifelong credit monitoring for affected consumers.
Meanwhile, another US-based law firm, Spodek Law, is encouraging AT&T users to get in touch, noting that in some cases, courts have awarded data breach victims $1,000 or more per person in class action settlements.
“You may still have a claim even if you have not yet experienced concrete damages from the breach. Courts have recognized that the time and expense of protecting against future identity theft is a compensable harm,” he said.