AT&T says data breach leaked millions of customers’ information online

  • Comments
  • Print
Listen to this story

Subscriber Benefit

As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
This audio file is brought to you by
0:00
0:00
Loading audio file, please wait.
  • 0.25
  • 0.50
  • 0.75
  • 1.00
  • 1.25
  • 1.50
  • 1.75
  • 2.00

The theft of sensitive information belonging to millions of AT&T’s current and former customers has been recently discovered online, the telecommunications giant said this weekend.

In a Saturday announcement addressing the data breach, AT&T said that a dataset found on the “dark web” contains information including some Social Security numbers and passcodes for about 7.6 million current account holders and 65.4 million former account holders.

Whether the data “originated from AT&T or one of its vendors” is still unknown, the Dallas-based company noted—adding that it had launched an investigation into the incident. AT&T has also begun notifying customers whose personal information was compromised.

Here’s what you need to know.

WHAT INFORMATION WAS COMPROMISED IN THIS BREACH?

Although varying by each customer and account, AT&T says that information involved in this breach included Social Security numbers and passcodes—which, unlike passwords, are numerical PINS that are typically four digits long.

Full names, email addresses, mailing address, phone numbers, dates of birth and AT&T account numbers might have also been compromised. The impacted data is from 2019 or earlier and does not appear to include financial information or call history, the company said.

HOW DO I KNOW IF I WAS AFFECTED?

Consumers impacted by this breach should be receiving an email or letter directly from AT&T about the incident. The email notices began going out on Saturday, an AT&T spokesperson confirmed to The Associated Press.

WHAT ACTION HAS AT&T TAKEN?

Beyond these notifications, AT&T said that it had already reset the passcodes of current users. The company added that it would pay for credit monitoring services where applicable.

AT&T also said that it “launched a robust investigation” with internal and external cybersecurity experts to investigate the situation further.

HAS AT&T SEEN DATA BREACHES LIKE THIS BEFORE?

AT&T has seen several data breaches that range in size and impact over the years.

While the company says the data in this latest breach surfaced on a hacking forum nearly two weeks ago, it closely resembles a similar breach that surfaced in 2021 but which AT&T never acknowledged, cybersecurity researcher Troy Hunt told the AP Saturday.

“If they assess this and they made the wrong call on it, and we’ve had a course of years pass without them being able to notify impacted customers,” then it’s likely the company will soon face class action lawsuits, said Hunt, founder of an Australia-based website that warns people when their personal information has been exposed.

A spokesperson for AT&T declined to comment further when asked about these similarities Sunday.

HOW CAN I PROTECT MYSELF GOING FORWARD?

Avoiding data breaches entirely can be tricky in our ever-digitized world, but consumers can take some steps to help protect themselves going forward.

The basics include creating hard-to-guess passwords and using multifactor authentication when possible. If you receive a notice about a breach, it’s good idea to change your password and monitor account activity for any suspicious transactions. You’ll also want to visit a company’s official website for reliable contact information—as scammers sometimes try to take advantage of news like data breaches to gain your trust through look-alike phishing emails or phone calls.

In addition, the Federal Trade Commission notes that nationwide credit bureaus—such as Equifax, Experian and TransUnion—offer free credit freezes and fraud alerts that consumers can set up to help protect themselves from identity theft and other malicious activity.

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our comment policy that will govern how comments are moderated.

3 thoughts on “AT&T says data breach leaked millions of customers’ information online

  1. So what I’m reading is that ATT data keeps showing up on the dark web and ATT didn’t know about until somebody told them and ATT hasn’t identified the source not even from the 2021 breach.

  2. When do the consumers get paid for the inconvenience they are caused. There is a reasonable expectation for our information to be kept safe when they require the access to it.

    1. Reasonable expectation is a joke, these data breaches are so common you may as well put your SS number and bank account number on the bumper of your car, it would probably more secure!

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In