Telecommunications Giant Faces Huge Data Breach, Resets Millions of Passcodes

This post is also available in: עברית (Hebrew)

The telecommunications company AT&T reported last week that a dataset found on the dark web contains information like the Social Security numbers of about 7.6 million current AT&T account holders and 65.4 million former account holders. The company further reported that it had already reset the passcodes of current users and would be communicating with account holders whose sensitive personal information was compromised.

According to Techxplore, AT&T claimed in a statement that it is not currently known whether the data originated from AT&T itself or one of its vendors. The compromised data is reportedly at least from the year 2019 and does not appear to include financial information or call history. In addition to passcodes and Social Security numbers, however, it may include email and mailing addresses, phone numbers, and birth dates.

Cybersecurity researcher and expert Troy Hunt reports that the data surfaced on a hacking forum nearly two weeks ago, and very it closely resembles a similar data breach that surfaced back in 2021, but which AT&T never acknowledged. Hunt explains that if AT&T assesses this and realizes they’ve made the wrong call on it, and we’ve had a course of years pass without them being able to notify impacted customers, then it’s likely the company will soon face class action lawsuits. Hunt is also the founder of an Australia-based website the sole purpose of which is to warn people when their personal information has been exposed online.

While an AT&T spokesperson has not yet responded at the time of writing, this is not the first crisis the company has faced in 2024 – back in February, an outage temporarily disabled cellphone service for thousands of US users, an incident AT&T blamed at the time on a technical coding error, not a malicious attack.