AT&T admitted that a data breach circulating online contained information on more than 7.6 million current customers and 65 million former customers. The company has reset the security passwords of affected active customers and said the compromised information “may include full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers and passwords.”
AT&T is contacting affected customers via “email or letter” to let them know what data is included and what response it has made on behalf of the customer.
The company didn’t admit the leaked data was real until 2021 (first leak report emerges) TechCrunch AT&T was notified of the vulnerability in its encryption passwords on Monday. Passwords are typically four-digit numeric PINs used to secure accounts during company support or in-store verification calls, and analysis by security researchers shows that passwords are “easily decipherable.”
The FAQ says customers can set up free fraud alerts from credit bureaus Equifax, Experian and TransUnion. AT&T said the data set “appears to be from 2019 or earlier and does not contain personal financial information or call records.” The company said it is working with “external cybersecurity experts to analyze the situation,” and so far, it has not ” Evidence of authorized access to their systems”.