An AT&T store in New York. A data breach has compromised information linked to 7.6 million current customers, the telco said on Saturday.
Richard Drew/AP
Hide title
Change the title
Richard Drew/AP
An AT&T store in New York. A data breach has compromised information linked to 7.6 million current customers, the telco said on Saturday.
Richard Drew/AP
AT&T announced Saturday that it is investigating a data breach involving the personal information of more than 70 million current and former customers that was leaked on the dark web.
According to Information on infringement On the company's website, 7.6 million current account holders and 65.4 million former account holders were affected. An AT&T Press release It said the breach occurred two weeks ago and that the incident has not yet had a “material impact” on its operations.
AT&T said the information contained in the compromised data set varies from person to person. This includes Social Security numbers, full names, email and mailing addresses, phone numbers and dates of birth, as well as AT&T account numbers and passwords.
The company has yet to identify the source of the leak, at least publicly.
“Based on our preliminary analysis, the data set appears to be from 2019 or earlier,” the company said. “Currently, AT&T has no evidence of unauthorized access to its systems resulting in the theft of the data set.”
The company said it has “reached out to 7.6 million affected customers and reset their passwords” by email or letter, and plans to contact current and former account holders with sensitive personal information that was compromised. It said it plans to offer “complimentary identity theft and credit monitoring services” to victims of the breach.
Outside cybersecurity experts have been brought in to assist in the investigation.
NPR reached out to a few AT&T stores. Sales representatives in all cases said they were not yet aware of the breach.
On its website, the telco encouraged customers to closely monitor account activity and credit reports.
“Aggrieved consumers should make it a priority to change passwords, monitor other accounts and consider freezing their credit with the three credit bureaus because their Social Security numbers were exposed,” Carmen Balber, executive director of Consumer Watchdog, a consumer advocacy group, told NPR.
An industry rife with data leaks
AT&T experienced Multiple data breaches for many years.
For example, in March 2023, the company notified 9 million wireless customers that their customer information had been accessed in a breach by a third-party marketing vendor.
In August 2021 – in an incident AT&T has not linked to the latest breach – a hacking The group said it sells data related to more than 70 million AT&T customers. At the time, AT&T denied the source of the data. It was leaked online again earlier this month. According to a March 22 TechCrunch article, a new analysis of the leaked dataset indicates that the AT&T customer data is real. “Some AT&T customers have confirmed that their leaked customer data is accurate,” TechCrunch reported. “But AT&T has yet to say how its customers' data was spread online.”
AT&T is by no means the only US telecom provider with a history of compromised customer data. The problem is widespread throughout the industry. A 2023 data breach affected 37 million T-Mobile customers. Last month, a data breach at Verizon affected more than 63,000 people, most of them Verizon employees.
A 2023 report US telecommunications companies are a lucrative target for hackers, according to cyber intelligence firm Cyble. Most recent data breaches are attributed to third-party vendors, the study says. “These third-party breaches can lead to large-scale supply-chain attacks and affect large numbers of users and organizations worldwide,” the report said.
Government rules are applicable
Meanwhile, last December, the Federal Communications Commission (FCC) updated its 16-year-old data breach notification rules to ensure telecommunications providers adequately protect sensitive customer information. A step Press releaseThe rules “hold phone companies accountable for protecting sensitive customer information, while helping customers protect themselves if their data is compromised.”
“It makes no sense to trap our policies in the analog era,” said FCC Chair Jessica Rosenworcel. Report Regarding changes. “Now that our phones know so much about where we go and who we are, we need rules on the books to ensure carriers keep our information safe and cyber-secure.”
