AT&T, one of the largest mobile carriers in the United States, has confirmed a massive data breach affecting millions of its customers. The breach affects around 7.6 million current AT&T account holders and 65.4 million former account holders. For those affected, the carrier company says that users will receive an email or letter explaining the incident, what information was compromised, and what it is doing in response to it.
The data breach includes fields such as full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number, and passcode. For now, the company is resetting users" passcodes and also advises users to change them as a precaution.
AT&T says that it has determined company-specific fields in the dataset that was leaked on the dark web. However, where the data originated from still remains unknown. AT&T says that it hasn"t found any "evidence of unauthorized access to its systems resulting in the theft of the data set." The dataset appears to have data from 2019 or earlier.
The company has previously denied being affected by a data breach, citing that "the information that appeared in an internet chat room does not appear to have come from our systems." The dataset from this breach, which happened in 2021, was being sold by threat actors ShinyHunters, who confirmed that the breach indeed happened from AT&T"s internal systems.
All AT&T customers have been advised to remain vigilant by monitoring their account activity and credit reports. The company, in its FAQ, suggests users set up free fraud alerts on credit bureaus like Equifax, Experian, and TransUnion.
Users can go through AT&T"s FAQ page to know more details about the data breach. We recommend users be careful about any SMS or phishing emails impersonating AT&T and contact the company to confirm whether they attempted to make the contact.