Please register to access this content.
To continue viewing the content you love, please sign in or create a new account
Dismiss
This content is for our paying subscribers only

Business Retail

Data from 73 million AT&T accounts leaked online

Dark web data leak appears to be from 2019 or earlier



It is not known if the data "originated from AT&T or one of its vendors,” the company said in a statement.
Image Credit: Pixabay

Dallas: AT&T said it has begun notifying millions of customers about the theft of personal data recently discovered online.

The telecommunications giant said Saturday that a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.

Get exclusive content with Gulf News WhatsApp channel

The company said it has already reset the passcodes of current users and will be communicating with account holders whose sensitive personal information was compromised.

While the data surfaced on a hacking forum nearly two weeks ago, it closely resembles a similar data breach that surfaced in 2021 but which AT&T never acknowledged, said cybersecurity researcher Troy Hunt.

Advertisement

It is not known if the data "originated from AT&T or one of its vendors,” the company said in a statement. The compromised data is from 2019 or earlier and does not appear to include financial information or call history, it said. In addition to passcodes and Social Security numbers, it may include email and mailing addresses, phone numbers and birth dates.

“If they assess this and they made the wrong call on it, and we’ve had a course of years pass without them being able to notify impacted customers,” then it's likely the company will soon face class action lawsuits, said Hunt, founder of an Australia-based website for warning people when their personal information has been exposed.

It is not the first crisis this year for the Dallas-based company. An outage in February temporarily knocked out cellphone service for thousands of U.S. users. AT&T at the time blamed the incident on a technical coding error, not a malicious attack.

An AT&T spokesperson didn't immediately return a request for comment Saturday.

Advertisement