AT&T suffers critical breach impacting 73 million customers

AT&T has suffered a data breach impacting the information of 73 million of its current and past customers. The dataset leaked on the dark web contains several fields of personal data belonging to AT&T’s customers from 2019 and earlier, the company said in a public statement released on Saturday.

The breached data, according to the company, affects approximately 7.6 million of its existing customers.

“AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web approximately two weeks ago,” the company said in the statement. “With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed.”

The company said it is unaware whether the data in those fields originated from AT&T or one of its vendors. Back in March 2023, the company suffered a breach of a similar scale that stemmed from a vendor exploit.

“AT&T has launched a robust investigation supported by internal and external cybersecurity experts,” the company said about its attempts to trace the leak.

Compromise of sensitive customer information

In addition to the 7.6 million existing customers, the dark web data also included the personal details of 65.4 million former AT&T account holders. “The information varied by customer and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode,” AT&T acknowledged.

In the 2023 data breach, the attackers specifically accessed and exfiltrated customer proprietary network information (CPNI), which pertains to critical subscriber information maintained by telecommunications companies in the US. CPNI consists of information on the services used, the amount paid for the services, and the type of usage opted for.

The compromised data, this time, does not contain personal financial information or call history, according to the company. However, the company admits it is aware that “a number of AT&T passcodes have been compromised.”

“The recent data breach at AT&T, which has exposed sensitive customer information like Social Security numbers, names, dates of birth, and possibly addresses, presents customers with a new set of risks distinct from previous breaches involving CPNI,” said Sakshi Grover, research manager at IDC. “This breach opens the door to various dangers, including financial fraud and identity theft, as Social Security numbers are prime targets for identity thieves, enabling them to open fraudulent accounts or file false tax returns.”

“As of today, this incident has not had a material impact on AT&T’s operations,” AT&T said in the statement issued on Saturday.

Vigilance cautioned

AT&T said it is reaching out to all 7.6M impacted customers and has reset their passcodes. “We encourage customers to remain vigilant by monitoring account activity and credit reports,” the company said.

Additionally, AT&T advised customers to set up free fraud alerts from global credit bureaus, including Equifax, Experian, and TransUnion.

The company’s failure to identify the source of the leak will likely affect customer trust and AT&T’s business in the long run. The huge corpus of recently breached data, along with CPNI data of 9 million customers hacked in 2023, ought to raise some eyebrows about AT&T’s internal and network security controls.

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in theft of the data set,” the company said. However, it is entirely possible that a threat actor had possession of the data from a past exploit and is only releasing it now.

“Data breaches often have delayed exposure. Cybercriminals may hoard pilfered data for various motives. They might await opportune moments to monetize it, leverage it for subsequent attacks, or prolong their concealment to evade detection,” IDC’s Grover said. “An intruder could have infiltrated AT&T’s systems earlier using a method that has since been mitigated. However, this still leaves customers impacted.”
