Approximately 7.6 million current AT&T account holders and 65.4 million former customers have been impacted by the breach.
ATLANTA — AT&T, the leading wireless provider in the United States, is alerting its users about a data breach that exposed millions of customers’ information on the dark web.
In a statement released on Saturday, the telecommunications giant revealed that the leaked data dates back to 2019 and earlier, affecting around 7.6 million current AT&T account holders and 65.4 million former customers.
The exposed data includes sensitive personal information like social security numbers. AT&T is currently investigating the source of the data.
In the statement, AT&T mentioned they are uncertain if the data originated from their database or one of their vendors. They also clarified that there is no evidence of unauthorized access to their systems leading to the breach.
“The company is proactively communicating with the affected individuals and offering credit monitoring at no cost if applicable. Current and former customers with questions are encouraged to visit www.att.com/accountsafety for further details,” stated an AT&T spokesperson.
AT&T customer Coy Flynn expressed his concerns regarding the breach.
“I’m not really worried about having any secrets exposed on the dark web, but like everyone else, I don’t want my personal information out there for the world to see,” Flynn remarked.
Andy Green, a cybersecurity researcher and assistant professor at Kennesaw State University, emphasized the potential risk of personal information being compromised.
“The leaked data includes names, addresses, social security numbers, dates of birth, and phone numbers—highly sensitive information,” Green explained.
Green criticized AT&T’s delayed response to the breach, stating that the company is trying to close the door after the data has already been exposed.
“The concerning aspect here is the lack of clarity from AT&T even after nearly three years have passed since the incident was first detected,” Green pointed out.
While AT&T’s experts work to resolve the issue, customers may remain vulnerable to further scams.
“The data is still valuable to threat actors, regardless of whether you are an AT&T customer or not, as phone numbers are persistent identifiers nowadays,” Green highlighted. “Customers need to remain vigilant to avoid falling victim to malicious activities.”
The reassurance provided by Green was that customers who joined AT&T after August 2021 are likely safe from the breach. However, he emphasized the increasing frequency of data breaches in recent times.
Kimberly Angelone, an AT&T customer, expressed confidence and stated, “I’m not worried. If necessary, I will simply update a few passwords.”
Green advised customers to implement multi-factor authentication, avoid reusing passwords, freeze and monitor their credit profiles, and remain cautious moving forward.
“Don’t panic or overreact. Follow the steps I’ve outlined to safeguard your data and hope for the best outcome,” Green advised.
The recent nationwide cellular outage experienced by AT&T customers in late February due to a coding error is unrelated to the data breach. The company compensated affected users with a $5 credit to their accounts following the outage.
With over 240 million subscribers, AT&T provides wireless service to a significantly larger customer base than its closest competitor, Verizon.