Global phone giant, AT&T confirms data breach, resets millions of customer passcodes as investigation begins

Advertisements

Following the online discovery earlier this month of a massive cache of data containing AT&T user records, the phone company AT&T has announced resetting the passcodes for millions of its customers.

The company revealed on Saturday that it is looking into an event that occurred two weeks ago and resulted in the publication of millions of customer records on the dark web, an area of the internet that is only accessible with specialised software.

AT&T stated that an initial examination of the leak suggests the dataset likely originates from 2019 or earlier, affecting approximately 7.6 million current and 65.4 million former account holders.

The dataset contains sensitive personal information, including Social Security numbers, and was disclosed on the dark web around two weeks ago.

According to AT&T, there is no evidence of unauthorized access to its systems, and the leak has not significantly impacted the company’s operations to date.

“As of today, this incident has not had a material impact on AT&T’s operations,” the company wrote in a press release on Saturday.

AT&T has advised users, who will be notified via email if they were affected, to establish fraud alert accounts and monitor their account activity and credit reports. The company has not determined the origin of the leak yet.

In February, AT&T customers faced an extended cellular outage, attributed by the company to a system malfunction rather than a cyberattack.

Subsequently, AT&T’s CEO, John Stankey, issued an apology for the inconvenience and offered customer credits to those affected.

This marks the first instance where AT&T has officially recognized that the leaked data pertains to its customers, occurring approximately three years after a hacker alleged the theft of 73 million AT&T customer records. Despite AT&T previously refuting any breach of its systems, the origin of the leak remains undetermined.

On Saturday, AT&T stated that “it is still unclear whether the data in those fields originated from AT&T or one of its vendors.”

We earlier reported that the Companies and Intellectual Property Commission (CIPC), the South African organisation in charge of business registrations and the defence of intellectual property rights, disclosed the ordeal of its cyber security breach weeks ago.