Millions of AT&T Customers’ Personal Information Leaked Online, Including SSNs and Passcodes
AT&T, the largest telecommunications network in the United States, disclosed on Saturday that personal information belonging to millions of past and present customers has been compromised online. The leaked data includes Social Security numbers (SSNs), passcodes, and contact details.
According to a statement released by the multinational company, a dataset recently discovered on the “dark web” contained information for approximately 7.6 million current AT&T account holders and 65.4 million former users, affecting a total of about 73 million accounts.
The company stated that it is uncertain whether the breach originated from AT&T or one of its vendors.
“The compromised data appears to be from 2019 or earlier and does not include personal financial information or call history,” the statement added.
AT&T assured that all 7.6 million existing account holders affected by the breach would be notified. The company has already reset passcodes and initiated an investigation into the incident.
In addition to passcodes and SSNs, the compromised data may include email and mailing addresses, phone numbers, and birth dates, AT&T further explained.
Reports of the breach initially emerged on a hacking forum nearly two weeks ago. It remains unclear whether this leak is connected to a similar breach in 2021, which was widely reported but not acknowledged by AT&T.
During the previous breach, a hacker claimed to have accessed data of 70 million AT&T customers, including their names, addresses, phone numbers, SSNs, and dates of birth.
Auction data on a hacking forum revealed that the hacker attempted to sell the stolen information for thousands of dollars.
Cybersecurity expert Troy Hunt, creator of Have I Been Pwned? – a website that alerts subscribers to data breaches – warned that if AT&T failed to notify impacted customers promptly, it could face class action lawsuits.
Troy Hunt disclosed in a blog post that at least 153,000 of his customers were affected by the breach.
Earlier in February, the Dallas-based company encountered challenges when an outage temporarily disrupted mobile phone service for thousands of users. AT&T attributed the incident to a technical coding error rather than a malicious attack. Although other networks were affected, AT&T appeared to be the most severely impacted.
