AT&T is notifying millions of current and former customers that their account data was compromised and published on the dark web last month. The company hasn't said how many millions of dollars it will cost.
In a required filing with the Maine Attorney General's Office, the carrier said 51.2 million account holders were affected. AT&T puts the number at 73 million on its corporate website. In each case, the compromised data included one or more of the following: name, email address, mailing address, phone number, social security number, date of birth, AT&T account number, and AT&T passcode. Ta. AT&T said it did not appear to contain personal financial information or call history, and the data appears to date from before June 2019.
The 73 million customers affected include 7.6 million current customers and 65.4 million former customers, according to a disclosure on the AT&T site. According to the notice, AT&T is resetting all current customers' account PINs and notifying current and former customers by mail. AT&T representatives did not explain why the letter to the Maine AG lists 51.2 million people affected, while the disclosure on its website lists 73 million people affected. .
According to an article published by TechCrunch on March 30, security researchers said that passcodes are stored in an encrypted format that can be easily decrypted. Bleeping Computer reported in 2021 that his more than 70 million records, including AT&T customer data, were up for sale for $1 million that year. At the time, AT&T told news sites that the data stored did not belong to its customers and that its systems were not compromised.
After the same data resurfaced online last month, Bleeping Computer and TechCrunch confirmed that the data belonged to an AT&T customer, and the company finally acknowledged its relevance. AT&T has not yet disclosed how the information was compromised or why it took more than two years from the date of initial publication to confirm that the information belonged to its customers.
Considering the time period since the data has been available, the potential damage caused by the latest publication is considered minimal. That said, anyone who is or has been an AT&T customer should be wary of scams that attempt to exploit the leaked data. AT&T offers him one year of free identity theft protection.