AT&T Says Data Of 7.6 Million Account Holders Leaked On Dark Web

AT&T has become the latest organisation to be involved in a data breach, after customer data was published on the dark web.

At the weekend, AT&T confirmed that it is investigating a cyber incident, after it came “to our attention that a number of AT&T passcodes have been compromised.”

This is a second piece of bad news for the American carrier in the space of two months. In February the carrier denied that a cyberattack was responsible for a significant outage of the AT&T mobile network in the US, which lasted for some hours.

Data breach

AT&T is the country’s largest telecoms operator in the US, with more than 240 million subscribers, but it has now admitted that personal data for some 7.6 million account holders have been compromised, which reportedly includes social security numbers.

CNN reported that while approximately 7.6 million current account holders have been impacted by the leak, a total of 65.4 million former account holders were affected.

“We are reaching out to all 7.6M impacted customers and have reset their passcodes,” said the carrier. “In addition, we will be communicating with current and former account holders with compromised sensitive personal information.”

AT&T said its internal teams are working with external cybersecurity experts to analyse the situation.

“To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history,” it said. “We encourage customers to remain vigilant by monitoring account activity and credit reports.”

It advised worried customers that they can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion.

Previous breaches

AT&T has suffered other data breaches in previous years.

Back in June 2010, a group of hackers exploited a security hole on AT&T’s website.

As a result, the group was able to get its hands on the email addresses of 114,000 owners of Apple iPads.

Then in April 2015 the US Federal Communications Commission issued AT&T with a $25 million fine, over a consumer data breach at its call centres in Mexico, Colombia and the Philippines.

The FCC said at the time, that those data breaches involved the unauthorised disclosure of names and full or partial Social Security numbers of 280,000 US customers.

That 2015 breach also involved the unauthorised access to protected account information.