Cyber Blog

AT&T disclosed on Saturday an ongoing investigation into a data breach affecting more than 70 million current and former customers, with the compromised data discovered on the dark web. According to the company, approximately 7.6 million current account holders and 65.4 million former account holders have been impacted. The breach, which occurred roughly two weeks prior to the announcement, has not yet shown significant operational repercussions, as stated in an AT&T press release.

Personal information potentially exposed in the breach includes social security numbers, full names, email and mailing addresses, phone numbers, dates of birth, as well as AT&T account numbers and passcodes. The company has not publicly identified the source of the leak but noted that the compromised dataset appears to date back to 2019 or earlier. AT&T reassured that there is no evidence of unauthorized access to its systems resulting in the theft of this dataset.

AT&T is proactively reaching out to the impacted 7.6 million customers, resetting their passcodes through email or letter communications. Additionally, the company plans to extend support to both current and former account holders whose sensitive personal information was compromised, offering complimentary identity theft and credit monitoring services. External cybersecurity experts have been engaged to assist in the investigation.

Despite the breach, some AT&T sales representatives seemed unaware of the incident when contacted by NPR. The company advises affected consumers to monitor their account activity and credit reports closely. Carmen Balber, executive director of the consumer advocacy group Consumer Watchdog, recommended impacted individuals to prioritize password changes, monitor other accounts, and consider freezing their credit with the three credit bureaus, given the exposure of social security numbers.