AT&T logo

AT&T confirms 73 million people affected by data breach

Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. The leaked data includes names, addresses, mobile phone numbers, dates of birth, and social security numbers.

Malwarebytes VP of Consumer Privacy, Oren Arar, describes the AT&T breach as “especially risky” because much of the type of data that’s been exposed. “SSN, name, date of birth—this is personal identifiable information (PII) that cannot be changed, and if scammers gets their hands on it, it just makes their work in stealing peoples identities a lot easier.”

The data came to light a few weeks ago when it was put up for sale on an online cybercrime forum, but the seller, a hacker calling themselves “MajorNelson”, claimed it had been stolen from AT&T three years prior.

In 2021, a hacker named “Shiny Hunters” put a database apparently containing the personal details of 70 million AT&T customers up for sale, but AT&T denied the leak was its data, and denied it again when the data appeared on the dark web last month. It has since revised its position as it wrestles with the thorny problem of investigating what happened on its computers three years ago.

In its latest statement, the company confirmed that the leak contained “AT&T data-specific fields,” but said it had not yet determined the source of that data.

AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web approximately two weeks ago. While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors. With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed.

However, it also said that it believes that the leak affects 7.6 million current customers, and the leaked data is “from 2019 or earlier”.

Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.

In a separate statement, the company also said it is reaching out to the people affected by the breach.

It has come to our attention that a number of AT&T passcodes have been compromised. We are reaching out to all 7.6M impacted customers and have reset their passcodes. In addition, we will be communicating with current and former account holders with compromised sensitive personal information.

Personal information like names, addresses, phone numbers, passcodes, and social security numbers are prized assets for cybercriminals because they can be used to make scams much more believable.

In particular, this information will make it easier for criminals to pose as AT&T, and all 73 million people affected by this breach will need to be on their guard for scammers using it as a pretext to send personalised, AT&T-branded emails and messages.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check if your data has been breached

Our Digital Footprint records now include the AT&T data so you can check if your information has been exposed online. Submit your email address (it’s best to submit the one you use most frequently) to our free Digital Footprint scan and we’ll send you a report.