AT&T data leaked: 73 million customers affected

AT&T has confirmed that the data set leaked on the dark web some two weeks ago does, indeed, contain “AT&T data-specific fields”.

The company is reaching out to affected customers and offering credit monitoring services.

What type of data has been leaked?

According to AT&T, the batch includes data of approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders: full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode. (Not all records include all of these types of data

“To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history,” they added, and urged customers to keep an eye on their account activity and credit reports – just in case.

The data set was leaked two weeks ago on a dark web forum, and seems to be the same data set that had been offered for sale in 2021.

AT&T said at the time that the data did not come from their systems, and still maintains that they don’t “have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” and that they don’t yet known “whether the data in those fields originated from AT&T or one of its vendors.”

What should customers do?

AT&T has reset current account holders’ passcodes and advised them to set up free fraud alerts with Equifax, Experian, and TransUnion.

Affected users will be contacted by the company via email or letter, which means that customers should be probably be also on the lookout for phishing emails posing as AT&T.

They can also check whether their data is included in the data set by entering the email they used to create an AT&T account into Have I Been Pwned?

UPDATE (April 11, 2024, 06:20 a.m. ET):

In yesterday’s filing with Maine’s attorney general’s office, AT&T claims that 51,226,382 customers have been affected by the breach.