AT&T recently discovered that sensitive information belonging to millions of its current and former customers had been stolen and found online, the company announced over the weekend. The dataset found on the dark web contains information such as Social Security numbers and passcodes for around 7.6 million current account holders and 65.4 million former account holders. It is still unknown whether the data originated from AT&T or one of its vendors, and the Dallas-based company has launched an investigation into the incident. AT&T has started notifying customers whose personal information was compromised, including full names, email addresses, mailing addresses, phone numbers, dates of birth, and account numbers.
The compromised data from this breach included Social Security numbers and passcodes, which are numerical PINS typically four digits long, along with other personal information such as full names, email addresses, mailing addresses, phone numbers, dates of birth, and AT&T account numbers. The data impacted is from 2019 or earlier and does not appear to include financial information or call history, according to the company. Current and former customers should be alert for any potential fraudulent activity and take necessary precautions to protect their personal information.
Customers impacted by this breach should expect to receive an email or letter directly from AT&T about the incident. The notifications began going out on Saturday, with the company confirming that passcodes for current users have already been reset, and credit monitoring services will be provided where applicable. AT&T has initiated a thorough investigation with internal and external cybersecurity experts to further assess the situation and determine the extent of the breach.
AT&T has experienced various data breaches of different sizes and impacts over the years, with the latest breach closely resembling a similar incident that surfaced in 2021 but was not acknowledged by the company. Cybersecurity researcher Troy Hunt highlighted the potential consequences for AT&T if the assessment of the breach is incorrect and impacted customers are not notified in a timely manner, leading to possible class action lawsuits. Consumers are advised to create strong passwords, use multifactor authentication when possible, and monitor account activity for any suspicious transactions. Setting up fraud alerts and credit freezes with nationwide credit bureaus can help protect against identity theft and malicious activity.
Protecting oneself in an increasingly digitized world can be challenging, but there are steps consumers can take to safeguard their personal information. In the event of a breach, changing passwords and monitoring account activity for unusual transactions is recommended. Visiting a company’s official website for reliable contact information is crucial, as scammers may attempt to exploit data breaches through phishing emails or phone calls. It is also advisable to take advantage of free credit freezes and fraud alerts offered by credit bureaus like Equifax, Experian, and TransUnion to enhance security measures against identity theft. AT&T has not commented further on the similarities between this breach and previous incidents, and the investigation into the data breach is ongoing.