AT&T Is Investigating A Breach That Exposed Millions Of Customers’ Personal Information To The Dark Web

AT&T announced yesterday that it is investigating an incident two weeks ago that led to millions of customers’ data being published on the dark web, a portion of the Internet that can only be accessed using special software.

TakeAway Points:

  • AT&T is looking into an incident that resulted in the data of millions of customers being made public on the dark web.
  • Following a preliminary investigation by the corporation, it was discovered that the data included Social Security numbers, dates of birth, home addresses, phone numbers, and names from 7.6 million active accounts.
  • The origin of the leak has not yet been determined by AT&T.

AT&T Investigates Leak

The company has reset the passcodes of the 7.6 million current users who were impacted and said it is actively contacting those customers, along with the 65.4 million former account holders who also had their data compromised.

“As of today, this incident has not had a material impact on AT&T’s operations,” the company wrote in a press release on Saturday.

AT&T’s preliminary review found that the leaked data was from approximately 2019 or earlier and included personal information such as names, home addresses, phone numbers, dates of birth, and Social Security numbers. The data set does not contain personal financial information or call history.

AT&T has encouraged users, who will receive an email if they are affected, to set up fraud alert accounts and monitor their account activity and credit reports. The company has not yet identified the source of the leak.

“We encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus—Equifax, Experian, and TransUnion.” AT&T said.

Similar Incidence

A year ago, the company revealed around 9 million customers had been hacked by one of its vendors, exposing Customer Proprietary Network Information (CPNI), which includes information like first names, wireless account numbers, wireless phone numbers, and email addresses.

An AT&T spokesperson said at the time, “A small percentage of impacted customers also had exposure to rate plan names, past due amounts, monthly payment amounts, various monthly charges, and/or minutes used. The information was several years old.”

In February, AT&T customers experienced an hours-long cellular outage, which the company clarified resulted from a system issue, not a cyberattack. The company’s CEO, John Stankey, later apologized for that incident and provided customer credits to those impacted.

About

American Telephone and Telegraph Corporation, or AT&T Inc., is a worldwide holding corporation for telecommunications based in the United States with its headquarters located in Whitacre Tower in Downtown Dallas, Texas. It is the biggest wireless provider in the US and, by revenue, the fourth-largest telecoms corporation in the world. With $120.7 billion in sales, AT&T was placed 13th among the biggest US firms on the Fortune 500 list as of 2023. 

To expand its media assets, AT&T announced on October 22, 2016, that it would acquire Time Warner for $108.7 billion. Assistant Attorney General Makan Delrahim filed a lawsuit on November 20, 2017, alleging that the merger with Time Warner “would undermine competition, result in higher bills for consumers, and cause less innovation,” with the US Department of Justice Antitrust Division. Judge Richard J. Leon of the U.S. District Court decided on June 12, 2018, to approve the merger. Two days later, the merger was finalised, and Time Warner became an entirely owned subsidiary of AT&T. The business changed its name to WarnerMedia a day later.