AT&T on Saturday revealed that personal data from 73 million current and former account holders had been compromised and “released on the dark web.”
In a statement, the Dallas-based company said that it reset the passcodes of 7.6 million customers. The telecommunications giant also said the codes of 65.4 million former account holders were also affected, The Dallas Morning News reported.
The company added that “information varied by customer and account,” but that it may have included a person’s full name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number and passcode, according to The New York Times.
“Our internal teams are working with external cybersecurity experts to analyze the situation,” AT&T said in its statement. “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”
AT&T said that the data was released onto the dark web about two weeks ago, the Morning News reported.
It is not known if the data “originated from AT&T or one of its vendors,” WFAA-TV reported.
AT&T officials said they would be “reaching out to individuals with compromised sensitive personal information separately and offering complimentary identity theft and credit monitoring services,” according to the Times.
The company said the data breach had not had a material impact on its operations, the Morning News reported. AT&T said that customers impacted have received emails informing them about the breach, adding that customers must reset their passcodes.
[ AT&T outage caused by software update, not external actor, company says ]
News of the passcode reset was first reported by TechCrunch. The website said it told AT&T on March 25, but delayed releasing its report until the communications company “could begin resetting customer account passcodes,” the Times reported.
“We encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion,” AT&T wrote on its website. “You can also request and review your free credit report at any time via Freecreditreport.com.”
The dark web leak comes after AT&T suffered a nationwide outage in its cellular service on Feb. 22. The company blamed the outage on a software update and not a cyberattack.