Welcome to GRIP, Global Relay’s new digital information service on practical compliance and regulatory change.

Please enjoy this free trial of our subscription content service, for a limited time only.

  

Major AT&T data breach hits 73 million customers

A sign is posted in front of an AT&T retails store.
Photo: Justin Sullivan/Getty Images

Martina Lindberg

 Click to share on Facebook (Opens in new window) Click to share on Twitter (Opens in new window) Click to share on LinkedIn (Opens in new window) Click to share on WhatsApp (Opens in new window)

Some data has been found on the dark web, containing personal information such as social security numbers.

US telecoms company AT&T has suffered a major data breach affecting 7.6 million existing account holders and 65.4 million past subscribers.

The data has been found on the dark web, where it was included in a set of data which contained AT&T data-specific fields.

Some of the leaked data included customers’ personal information such as social security numbers. Euronews reports that the breached data included passcodes too, and that it is possible that full names, email addresses, mailing address, phone numbers, dates of birth and AT&T account numbers also were compromised.

AT&T says that it is not yet known if the data originated from the company itself or one of its vendors.

Another breach in 2023

The company has also launched a “robust investigation”, with support from both internal and external cybersecurity experts. “Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” AT&T said.

AT&T says it has no evidence that there’s been any unauthorized access to its systems.

The telecomms giant was exposed in a similar breach in early 2023. Data on nine million customers was breached when the company’s marketing vendor suffered a security failure. The breach came to light after customers posted the email communication from AT&T on community forums to determine if it was real or fraudulent.

“We recently determined that an unauthorized person breached a vendor’s system and gained access to your “Customer Proprietary Network Information” (CPNI). In our industry, CPNI is information related to the telecommunications services you purchase from us, such as the number of lines on your account or the wireless plan to which you are subscribed. However, please rest assured that no sensitive personal or financial information such as Social Security number or credit card information was accessed,” AT&T said then.

In that incident, the breached data included first names, wireless account numbers, wireless phone numbers, and email addresses.

, , , ,

You may also like