Cybercrime, Fraud Management and Cybercrime, Incident and Breach Response
Personal data of 75 million people, including SSN, posted on criminal forums
David Perera (@daveperera) •
March 30, 2024
AT&T changed its tune on Saturday, saying the leak of some of the personal data of 73 million people actually revealed sensitive information of current and former customers of America's largest wireless phone company.
Related item: Ransomware response essentials: Modifying initial access vectors
The admission reverses long-standing claims that the dataset first posted to a crime forum in 2021 does not appear to have come from that system (see below) After 70 million people's personal data leaked, AT&T denies being the source).
AT&T said in a statement that analysis of the dataset revealed “fields unique to AT&T data.” The dataset entered criminal circulation again earlier this month after a user on a criminal web forum accessible on Clearweb posted the dataset without charging a download fee.
Companies are not necessarily responsible for violations. “It is not yet clear whether the data in these areas comes from AT&T or AT&T's vendors,” the company statement said.
“At this time, AT&T has no evidence that data sets were compromised as a result of unauthorized access to its systems,” the statement said. The company said the incident did not have a significant impact on its operations.
The dataset includes names, addresses, and phone numbers, as well as Social Security numbers, and appears to be from before 2019. Of the total 75 million, 7.6 million belong to current customers and the rest belong to former subscribers, the company said.
After the data set resurfaced in March, data breach expert Troy Hunt said the data was “now in very wide circulation, no doubt in the hands of thousands of Internet lands.” “There is,” he wrote.
Regardless of who stole the data and from what source, the hackers responsible also likely obtained the private keys used to encrypt the data, Hunt wrote.
“As I like to say, the only thing worse than data appearing on the dark web is data appearing on the clear web. And that's exactly where it is.” “Tor's hidden services are visibly exposed on public forums that are easily accessible with a regular web browser.” said.
AT&T said it has contacted the affected individuals and will continue to monitor their credit status. We have also created an online FAQ for individuals who may be affected. “We take cybersecurity very seriously,” the company said.