The personal data of 73 million current or former AT&T customers was exposed on the dark web after the company was breached in 2019.
AT&T admitted that sensitive data, including social security numbers, passcodes, email addresses, phone numbers, full names and addresses, was posted on the dark web two weeks ago, and has begun a mass reset of passcodes for avoid further damage.
The telecommunications giant said it believes the data was exposed during an incident in 2019, adding that the data does not contain personal financial information or call history.
in a statement Posted on March 30, 2024, AT&T confirmed that the stolen data was associated with around 7.6 million active account holders, as well as 65.4 million former customers.
“We have become aware that several AT&T passwords have been compromised. “We are contacting the 7.6 million affected customers and have reset their passwords,” the company said. “In addition, we will contact current and former account holders who have sensitive personal information compromised.”
AT&T said it could not determine whether the leaked data originated from its internal systems or those of one of its providers.
“With respect to the rest of the data set, which includes personal information such as social security numbers, the source of the data is still being evaluated.”
The firm noted that there is no evidence of any unauthorized access to its systems that resulted in data exfiltration, and that the incident has not had a material impact on its operations.
AT&T Customers Should 'Assume They Have Been Breached'
Customers affected by the breach should receive an email or letter from AT&T describing what information was compromised and how they can mitigate potential damages.
In addition to resetting your password, AT&T encourages customers to monitor accounts and credit reports for fraudulent activity, and recommends users set up free fraud alerts from national credit bureaus like Equifax or Experian.
Anne Cutler, a cybersecurity expert at Keeper Security, said the amount of sensitive information exposed in the breach is cause for concern, noting that threat actors will already seek to exploit this data.
“The severity of this data breach is significantly increased due to personally identifiable information (PII),” he said. “The immediate concern is the potential exploitation of this exposed data, which could lead to various malicious activities, such as identity theft, phishing attacks, and unauthorized access to user accounts.”
Cutler listed a series of steps he would recommend clients take in light of the disclosure.
“Current and former AT&T customers should assume they have already been breached and act accordingly. Proactive steps people can and should take immediately include changing their account login information with AT&T, getting a dark web monitoring service, monitoring or freezing their credit, and practicing good cyber hygiene.”
“By using strong, unique passwords for each account, enabling MFA everywhere possible, updating software regularly, and always thinking before they click, people can significantly increase their personal cybersecurity.”