(Dallas) AT&T said it has begun notifying millions of customers about the theft of personal data recently discovered online.
The telecommunications giant said Saturday that a dataset found on the “dark web” contained information such as the Social Security numbers of about 7.6 million current AT&T account holders and 65.4 million former account holders.
The company said it has already reset current users’ passcodes and will communicate with account holders whose sensitive personal information has been compromised.
It’s unclear whether the data “comes from AT&T or one of its suppliers,” the company said in a statement. The compromised data is from 2019 or earlier and does not appear to include financial information or call history, she added.
In addition to access codes and social security numbers, the breach can also involve email and postal addresses, telephone numbers and dates of birth.
Although the data surfaced on a hacking forum nearly two weeks ago, it closely resembles a similar data breach that surfaced in 2021 but which AT&T never acknowledged, noted cybersecurity researcher Troy Hunt.
“If they’re evaluating this and they’ve made the wrong choice on this, and several years have gone by without them being able to notify affected customers,” then it’s likely the company will do soon to face class action lawsuits, said Mr. Hunt, founder of an Australia-based website to alert people when their personal information has been exposed.
An AT&T spokesperson did not immediately respond to a request for comment Saturday.
This is not the first crisis this year for the Dallas-based company. An outage in February temporarily interrupted cell phone service for thousands of U.S. users. AT&T then blamed the incident on a technical coding error and not a malicious attack.