What Happened
AT&T has confirmed a customer data breach that has impacted 73 million of its current and former customers. The issue came to light when personal information appeared on the dark web.
Initially, there was uncertainty about whether this data stemmed from AT&T’s systems or a third-party vendor. The investigation revealed the data’s release occurred two weeks ago, and it includes Social Security numbers among other personal details.
Impact
The AT&T customer data breach is substantial, affecting approximately 73 million customers in total. It impacted 7.6 million current account holders and 65.4 million former account holders.
The breached dataset includes names, addresses, phone numbers, and Social Security numbers for many customers. Additionally, the dataset appears to contain security passcodes used by 7.6 million customers to secure their accounts.
Such exposure raises substantial privacy and security concerns for the affected individuals.
Background
The situation originated in 2021 when Shiny Hunters, a recognized threat actor, announced they were selling data from 73 million AT&T customers.
AT&T initially denied these claims, suggesting the data did not originate from their systems. Yet, a recent leak on a hacking forum, purported to contain the same data set, prompted a reevaluation of the incident’s scope and origin.
Response from AT&T
AT&T consistently denied the breach until last weekend when they finally acknowledged it. Since then, the company has outlined the steps they have taken to mitigate the impact.
They have reset the passcodes for 7.6 million customers whose security details were compromised.
In addition, AT&T is notifying all affected individuals and offering guidance on how to secure their accounts and monitor for potential fraud.
To protect themselves, consumers are advised to create strong passwords, use multifactor authentication, monitor account activity, and consider setting up free credit freezes and fraud alerts.
- China Imposes Ban on Intel and AMD Processors
- [CVSS 10] Surging Exploit Attempts Target Critical Confluence Vulnerability
- Okta Security Breach: A Lesson in Cybersecurity Vigilance
- Black Cat Claims Trans-Northern Pipelines Cyberattack
- [Zero-Day]Ongoing Battle between Cisco and Exploit Actors
- US Government Places Bounty on Criminal Group Cl0p