Matt O'Brien, Associated Press
10 minutes ago
AT&T said it has begun notifying millions of customers about personal data theft recently discovered online.
The telecom giant announced Saturday that a dataset found on the “dark web” includes social security numbers and other information for about 7.6 million current AT&T account holders and 65.4 million former account holders. .
The company said it has already reset passcodes for current users and plans to contact account holders whose sensitive personal information was compromised.
The company said in a statement that it was unclear whether the data “originated from AT&T or one of its vendors.” The data breached does not appear to be from before 2019 and does not include financial information or call history. In addition to passcodes and social security numbers, this may include email and mailing addresses, phone numbers, and dates of birth.
The data, which surfaced on hacking forums about two weeks ago, is very similar to a similar data breach that surfaced in 2021 but was not acknowledged by AT&T, said cybersecurity researcher Troy Hunt.
“If they evaluate this, make the wrong decision, and fail to notify affected customers for years, the company could soon face a class action lawsuit,” founder Hunt said. It's expensive,” he said. An Australian-based website that warns people if their personal information has been compromised.
An AT&T spokesperson did not immediately respond to a request for comment Saturday.
This is not the first crisis this year for the Dallas-based company. The February outage temporarily disrupted cell phone service for thousands of U.S. users. At the time, AT&T said the incident was due to a technical coding error rather than a malicious attack.