AT&T, the largest telecommunications network in the United States, revealed that personal information belonging to millions of past and present customers has been exposed online. The dataset, discovered on the “dark web,” comprises details of approximately 7.6 million current account holders and 65.4 million former users, totaling around 73 million affected accounts.
The company clarified that it remains uncertain whether the breach originated from AT&T or one of its vendors. According to their statement released on Saturday, the compromised data seems to date back to 2019 or earlier and does not include personal financial information or call history.
AT&T is actively notifying the 7.6 million current account holders affected by the breach and has already reset passcodes while conducting an investigation. The leaked data potentially includes passcodes, Social Security numbers (SSNs), email and mailing addresses, phone numbers, and birth dates.
Reports of the breach emerged nearly two weeks ago on a hacking forum, though it remains unclear whether this incident is linked to a similar breach in 2021, which AT&T did not acknowledge. The previous breach involved a hacker claiming access to data from 70 million AT&T customers, intending to sell the stolen information for profit.
Cybersecurity expert Troy Hunt, creator of Have I Been Pwned?, warned of potential class action lawsuits against AT&T if impacted customers are not promptly notified. Hunt confirmed that at least 153,000 of his customers were affected by the breach.
Earlier in February, AT&T faced technical challenges resulting in a mobile phone service outage affecting thousands of users. The company attributed the incident to a technical coding error rather than a malicious attack, though it notably impacted AT&T more severely than other networks.