AT&T Inc. changed 7.6 million account passcodes after 73 million current and past customers' personal data was exposed into the dark web.
Two weeks ago, 65.4 million former customers' data leaked into the black web. In an email to customers, AT&T stated customers' full names, email and postal addresses, phone numbers, Social Security numbers, dates of birth, account numbers, and passcodes may have been disclosed. It appears to lack call history and financial data.
AT&T stated Saturday that the data looks to be from 2019 or earlier. AT&T is investigating whether the data came from the firm or a vendor. Shares finished at $17.50 after falling roughly 3% Monday morning.
AT&T Network Expansion Work Caused Outage As of Saturday, AT&T said it has no proof of unauthorized access to its networks and that the leak hasn't affected its operations. “The company is communicating proactively with those impacted and will offer credit monitoring at our expense where applicable,” the statement said.
For the data breach, AT&T was sued in a class action complaint filed March 30 in the US District Court for the Northern District of Texas for irresponsibly maintaining customers' personally identifiable information and failing to safeguard its system.
The recent data theft comes three years after BleepingComputer reported that ShinyHunters stole the personal data of 70 million AT&T users. AT&T denied a data breach, stating the stolen data wasn't from its servers.
Media sources stated that the hacker sold a small sample of documents for $30,000 in 2021. ShinyHunters had previously claimed hacks against other US corporations but failed to sell stolen data to dark web customers.
After a data seller posted 73 million suspected AT&T records on a cybercrime forum, TechCrunch reported on the leak. TechCrunch told AT&T about the leak last week and delayed publishing until the firm reset the passcodes.
AT&T ranks third in US retail cellphone carriers behind Verizon Communications Inc. and T-Mobile US Inc. Federal investigators investigated the February corporate disruption, which took hours to fix. In 2022, T-Mobile settled a class-action lawsuit for $350 million after leaking over 50 million customer details. The next year, it announced another 37 million subscriber data leak.
View for more updates