AT& T has confirmed a significant data breach that has affected approximately 73 million customers, both current and former. The breach was first reported when a dataset containing sensitive customer information was discovered on the dark web. The dataset is believed to be from 2019 or earlier and includes a range of personal information
Affected Data
The compromised data includes:
📌Full names
📌Email addresses
📌Mailing addresses
📌Phone numbers
📌Social Security numbers
📌Dates of birth
📌AT& T account numbers
📌Passcodes (numerical PINs typically four digits long)
It is important to note that the dataset does not appear to include personal financial information or call history
Scope of the Breach
The breach impacts about 7.6 million current AT& T customers and approximately 65.4 million former customers. The data was released on the dark web approximately two weeks prior to the confirmation by AT& T
AT& T’s Response
📌AT& T has taken several steps in response to the breach:
📌Reset the passcodes of the current users affected.
📌Launched a robust investigation with internal and external cybersecurity experts.
📌Began notifying impacted customers through email or letters.
📌Offered to pay for credit-monitoring services where applicable
Customer Guidance / AT& T advises customers to:
📌Freeze their credit reports at the major agencies (Equifax, Experian, and TransUnion).
📌Sign up for 24–7 credit monitoring.
📌Enable two-factor authentication on their AT& T accounts.
📌Change passwords and monitor account activity for suspicious transactions.
📌Set up free fraud alerts and credit freezes through the Federal Trade Commission to protect against identity theft and other malicious activities
Previous Incidents and Industry Context
AT& T has experienced several data breaches over the years, with varying sizes and impacts. This breach is notably larger than a leak in January 2023 that affected 9 million users. The telecommunications industry has been a lucrative target for hackers, with recent breaches affecting other major providers like T-Mobile and Verizon
Regulatory Response
The Federal Communications Commission (FCC) updated its data breach notification rules in December to hold phone companies accountable for protecting sensitive customer information and to enable customers to protect themselves if their data is compromised
Ongoing Investigation and Implications
The source of the breach is still being assessed, and it is not yet known whether the data originated from AT& T or one of its vendors. There is currently no evidence of unauthorized access to AT& T’s systems resulting in the exfiltration of the dataset. However, the incident has not had a material impact on AT& T’s operations as of the latest updates
Cybersecurity Alert and Recommendations
AT& T emphasizes the importance of cybersecurity and privacy, urging customers to remain vigilant by monitoring their account activity and credit reports. The company has also provided free fraud alerts through major credit bureaus