AT&T, one of the largest wireless carriers in the US, has confirmed that personal data from about 7.6 million current account holders and 65.4 million former customers was leaked onto the dark web. The data, which appears to be from 2019 or earlier, includes personal information such as Social Security numbers. The company is currently investigating the incident.
The leaked data poses a significant threat to affected customers. They may face risks such as identity theft, financial fraud, and other malicious activities. The data includes customer names, home addresses, phone numbers, dates of birth, Social Security numbers, and encrypted passcodes. This could potentially lead to targeted attacks on those affected.
AT&T has launched a robust investigation supported by internal and external cybersecurity experts. The company has not found evidence of unauthorized access to its systems resulting in exfiltration of the dataset. It is also unclear whether the data originated from AT&T or one of its vendors.
Experts in cybersecurity have concluded that the AT&T customer data sold online is legitimate and warn it could be used to launch targeted attacks on those affected. There is a considerable debate about where the information comes from, with AT&T saying that the information does not come from their systems.
AT&T is actively reaching out to affected customers via email or letter to inform them about the data that was included in the leak and the measures being taken to address the situation. The company has reset the passcodes for all impacted current customers.
AT&T is offering free credit monitoring through Equifax, Experian, and TransUnion. The company has also urged customers to remain vigilant by monitoring account activity and credit reports. In addition, customers are advised to change their passwords associated with all AT&T accounts.
