AT&T notifies users and resets millions of passcodes after theft of personal data online

AT&T begins notifying millions of customers about theft of personal data recently discovered

Matt O'Brien
Saturday 30 March 2024 23:52 EDT
FILE: AT&T ‘Foam Fingers’ advert features actress Milana Vayntrub

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

AT&T said it has begun notifying millions of customers about the theft of personal data recently discovered online.

The telecommunications giant said Saturday that a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.

The company said it has already reset the passcodes of current users and will be communicating with account holders whose sensitive personal information was compromised.

It is not known if the data "originated from AT&T or one of its vendors,” the company said in a statement. The compromised data is from 2019 or earlier and does not appear to include financial information or call history, it said. In addition to passcodes and Social Security numbers, it may include email and mailing addresses, phone numbers and birth dates.

While the data surfaced on a hacking forum nearly two weeks ago, it closely resembles a similar data breach that surfaced in 2021 but which AT&T never acknowledged, said cybersecurity researcher Troy Hunt.

“If they assess this and they made the wrong call on it, and we’ve had a course of years pass without them being able to notify impacted customers,” then it's likely the company will soon face class action lawsuits, said Hunt, founder of an Australia-based website for warning people when their personal information has been exposed.

An AT&T spokesperson didn't immediately return a request for comment Saturday.

It is not the first crisis this year for the Dallas-based company. An outage in February temporarily knocked out cellphone service for thousands of U.S. users. AT&T at the time blamed the incident on a technical coding error, not a malicious attack.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in