Millions of AT&T customers’ personal information, including Social Security numbers (SSNs), passcodes, and contact details, has been exposed online, according to the multinational company.
The telecommunication network, the largest in the United States, revealed that a dataset containing information for about 7.6 million current AT&T account holders and 65.4 million former users was discovered on the “dark web,” affecting approximately 73 million accounts.
It is unclear whether the breach originated from AT&T or one of its vendors, the company stated.
The compromised data appears to be from 2019 or earlier and does not include personal financial information or call history, according to the statement.
AT&T is set to notify all 7.6 million existing account holders whose sensitive personal information was compromised about the breach. The company has already reset passcodes and is conducting an investigation into the incident.
Thanks for reaching out. A number of AT&T passcodes have been compromised. Our teams are working with external cybersecurity experts to analyze the situation and we have reset passcodes. Learn more: https://t.co/tOZWNMOBen.
— AT&T (@ATT) March 31, 2024
In addition to passcodes and SSNs, the hacked data possibly included email and mailing addresses, phone numbers, and birth dates, AT&T added.
Reports of the breach first surfaced on a hacking forum nearly two weeks ago. It is unclear if the leak is linked to a similar breach in 2021 that was widely reported but that AT&T did not acknowledge.
A hacker at the time claimed to have access to data of 70 million AT&T customers, including their names, addresses, phone numbers, SSNs, and date of birth.
Auction data on a hacking forum revealed the hacker attempted to sell the stolen information for thousands of dollars.
“If they assess this and they made the wrong call on it, and we’ve had a course of years pass…
Original from www.aljazeera.com