AT&T reported Saturday that the personal data of millions of current and former account holders has been leaked to the dark web.
The Dallas-based company said the data, which appears to be from 2019 or earlier, was published on the dark web about two weeks ago and authorities have not yet determined its source. Ta.
Here's what we know:
How many people were affected?
According to officials at the telecommunications giant, preliminary analysis shows that the data set contains information from about 73 million people, including about 7.6 million current account holders and 65.4 million former account holders. It has been revealed that
Those affected will receive an email or letter from the company.
In an email to customers, AT&T said that, to its knowledge, the data does not include personal financial information or call history. But officials said the information released may have included names, email addresses, phone numbers, Social Security numbers, and AT&T account numbers and passcodes.
AT&T told customers in an email that it will provide free identity theft and credit monitoring services if sensitive personal information is compromised.
What should I do if I am affected?
AT&T is already resetting passcodes, or PINs, which is an additional security measure for account holders. Officials are advising all customers to change their passcodes as a precaution.
Andrew Sternke, CEO of Southlake-based DarkBox Security Systems, said people should monitor their credit reports and use two-factor authentication for all accounts. Ta.
“The real issue here is the fact that basically all of the personally identifiable information that would be needed to basically recreate a human being in cyberspace was leaked,” Sternke said.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, said affected customers should register for credit monitoring services if they are offered. He also urged people to consider blocking their credit to prevent fraud from occurring.
Has something like this happened to you before?
In 2021, threat actor ShinyHunters claimed to be selling the data of 70 million AT&T customers. The company said at the time that the information did not come from AT&T and that authorities would not speculate on whether the data was valid, tech media outlet BleepingComputer reported.
Users on one of the hacking forums, BreachForums, appear to suggest that this data breach is a repost of the first breach of 2021, but AT&T officials have not confirmed that.
Company officials said there is currently no evidence of unauthorized access to the company's systems, and it is unclear whether the data came from the company or one of its vendors.
Has a similar company experienced a data breach?
Yes, in fact, AT&T's main competitors have dealt with data breaches in recent years.
T-Mobile announced last year that a “bad actor” had accessed the personal data of 37 million customers, CNN reported. The company has agreed to pay $350 million in 2022 to settle a class action lawsuit stemming from a data breach that was disclosed in 2021 and affected more than 40 million people.
Verizon has also been the victim of data breaches in the past, with the company saying at least 6 million customers were affected in 2017, though it said no information had fallen into the wrong hands.