3 April 2024

AT&T Reset 7.6 Million Customers’ Passcodes After Data Breach

Drew FitzGerald and Ginger Adams Otis

AT&T T -0.57%decrease; red down pointing triangle said it reset the passcodes of about 7.6 million account holders whose personal information was leaked on the dark web after a data breach.

The affected data set, which also includes information from more than 65 million former account holders, was leaked onto the dark web about two weeks ago but appears to have come from 2019 or earlier, the company said Saturday. It includes personal information such as names and Social Security numbers. The source of the security breach isn’t yet known, AT&T said.

AT&T said its internal investigation hasn’t turned up evidence “of unauthorized access to its systems resulting in exfiltration of the data set,” with the caveat that the probe is in its early stages. The company said its investigation is supported by internal and external cybersecurity experts.

Affected customers have been contacted by the telecommunications giant, which will offer credit monitoring services. The data breach hasn’t had a material impact on operations, the company said.

In 2021, a hacker claimed to have stolen customer records on 73 million customers. AT&T denied at the time that its systems had been breached.

TechCrunch, which first reported on the recent leak of the full data set, said a seller published the records on a known cybercrime forum in March. The news site said it informed AT&T last week that the leaked information included encrypted passcodes that could be used to hack accounts, prompting the company to reset existing customers’ codes.

AT&T is the latest big telecom company to disclose the theft of its customers’ personal details.
T-Mobile in 2022 agreed to pay $350 million to settle a class-action lawsuit over the leak of records on more than 50 million customers. The cellphone carrier in 2023 revealed another major breach of “basic customer information” on about 37 million subscribers.

Last month AT&T suffered a network failure that left people around the country without cellphone service for hours, frustrating customers and renewing concerns about the reliability of vital network infrastructure.

The outage resulted from “an incorrect process used as we were expanding our network,” an AT&T spokesman said at the time. The company apologized for the incident.

No comments: