AT&T mentioned it has begun notifying hundreds of thousands of consumers in regards to the theft of non-public knowledge just lately found on-line.
The telecommunications big mentioned Saturday {that a} dataset discovered on the “darkish net” comprises info equivalent to Social Safety numbers for about 7.6 million present AT&T account holders and 65.4 million former account holders.
The corporate mentioned it has already reset the passcodes of present customers and will probably be speaking with account holders whose delicate private info was compromised.
It’s not recognized if the information “originated from AT&T or one in all its distributors,” the corporate mentioned in an announcement. The compromised knowledge is from 2019 or earlier and doesn’t seem to incorporate monetary info or name historical past, it mentioned. Along with passcodes and Social Safety numbers, it might embody electronic mail and mailing addresses, cellphone numbers and start dates.
Whereas the information surfaced on a hacking discussion board almost two weeks in the past, it carefully resembles an analogous knowledge breach that surfaced in 2021 however which AT&T by no means acknowledged, mentioned cybersecurity researcher Troy Hunt.
“In the event that they assess this they usually made the unsuitable name on it, and we’ve had a course of years go with out them with the ability to notify impacted clients,” then it is probably the corporate will quickly face class motion lawsuits, mentioned Hunt, founding father of an Australia-based web site for warning folks when their private info has been uncovered.
An AT&T spokesperson did not instantly return a request for remark Saturday.
It’s not the primary disaster this 12 months for the Dallas-based firm. An outage in February quickly knocked out cellphone service for hundreds of U.S. customers. AT&T on the time blamed the incident on a technical coding error, not a malicious assault.