AT&T is currently informing millions of customers about a significant data breach involving personal information, which was recently uncovered online.
The data, discovered in a dataset on the dark web, affects approximately 7.6 million current AT&T customers and 65.4 million former customers. This dataset includes sensitive information like Social Security numbers.
Though the source of the breach is unclear, with uncertainty about whether it originated from AT&T or one of its vendors, the company has confirmed that the compromised data dates back to 2019 or earlier. Crucially, it doesn’t seem to include financial details or call records. However, the data may encompass email and postal addresses, phone numbers, and birth dates.
AT&T has already taken steps to safeguard its current users by resetting their passcodes and is in the process of reaching out to those whose personal information was jeopardised.
This breach seems to echo a similar incident from 2021, which AT&T did not officially recognise, according to cybersecurity expert Troy Hunt. The similarity between the two incidents raises questions about AT&T's data protection protocols and could potentially lead to class-action lawsuits, especially if it is determined that the company did not adequately respond to the initial breach.
Adding to AT&T's challenges this year, the company faced a major outage in February, disrupting cellphone service for thousands of US users. While this was attributed to a technical error rather than a cyberattack, it adds to the growing concerns about the company's ability to protect and manage its network and customer data. An AT&T spokesperson has not yet commented on this latest data breach.