Telecom giant AT&T announced on Saturday that it had reset the passwords of 7.6 million customers after it found that compromised customer data had been “circulated on the dark web”.
“Our internal teams are working with external cybersecurity experts to analyze the situation,” AT&T said. “To our knowledge, the breached data appears to be from 2019 or earlier and does not contain personal financial information or call history.”
The company said that “the information varied by customer and account,” but that it may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and password.
In addition to these 7.6 million customers, 65.4 million former account holders were also affected.
The company said it will “separately contact individuals with compromised personal information and offer free identity theft and credit monitoring services.”
AT&T said it reset passwords for those affected and directed customers to a website with details on how to reset them. It also said it was launching a “robust investigation supported by internal and external cyber security experts”.
A company spokesman did not respond to specific questions about how the breach occurred or why it went unnoticed for so long.
TechCrunch, which first reported the password reset, said it notified AT&T on Monday that “the leaked data contained encrypted passwords that could be used to access AT&T customer accounts.”
TechCrunch said it delayed publishing its article until the company “can begin resetting customer account passwords.”
In its report, TechCrunch said “this is the first time AT&T has acknowledged that the leaked data belongs to its customers, nearly three years after a hacker claimed to have stolen 73 million AT&T customer records.”
AT&T previously denied its systems were breached, but how the leak occurred was unclear, TechCrunch reported.
AT&T said it did not know whether the leaked data “came from AT&T or one of its suppliers” and that it “has no evidence of unauthorized access to its systems resulting in the theft of the data set.”
The episode comes after AT&T customers experienced a widespread outage last month that temporarily knocked out connections for users across the United States for several hours. The February 22 outage affected customers in cities including Atlanta, Los Angeles and New York.
At its peak, there were about 70,000 service outage reports for the wireless carrier, according to Downdetector.com, which tracks user reports of telecom and Internet outages.
A few days later, AT&T offered customers affected by the outage a $5 credit in an effort to “make it right.”
1 Comment
Aliya Benson