Data from roughly 7.6 million current account holders and 65.4 million former account holders were released on the dark web, AT&T said.
Telecom giant AT&T disclosed on March 30 that data from about 73 million current and former account holders have been leaked onto the “dark web,” and the incident is under investigation.
In a March 30 announcement, AT&T said that data from roughly 7.6 million current account holders and 65.4 million former account holders were released on the dark web about two weeks ago.
The company said in a separate notice that the data set seems to be from 2019 or earlier, and while the type of information compromised varies by customer and account, it may include passcodes, full name and email address, home address, phone number, date of birth, and Social Security numbers.
AT&T said it had reset passcodes for 7.6 million current account holders affected by the leak.
“We will be reaching out to individuals with compromised sensitive personal information separately and offering complimentary identity theft and credit monitoring services,” the company said in a statement.
AT&T said it hasn’t found any evidence of unauthorized access to its systems that resulted in data being stolen and that it has launched a “robust” investigation into the incident with the help of outside cybersecurity experts.
“Our internal teams are working with external cybersecurity experts to analyze the situation,” the company said in a statement. “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”
It’s unclear if the leaked data originated from AT&T or one of the company’s vendors.
AT&T said the incident has not had a material impact on its operations.
It’s also unclear if the data relates to a claim made in 2021 by a hacker known as ShinyHunters with a long history of compromising websites who claimed to have obtained a trove of AT&T data impacting 71 million people.
By Tom Ozimek