AT&T, the largest telecommunications provider in the United States, recently discovered that a dataset containing the details of approximately 73 million of its account holders from 2019 or earlier was being sold on the dark web. This dataset includes sensitive information such as passcodes, Social Security numbers, email and mailing addresses, phone numbers, and birthdates.
In response to this security breach, AT&T has notified all impacted customers and advised them to reset their passcodes. The company has also cautioned these customers to be wary of emails requesting password changes and to verify their authenticity directly with AT&T before taking any action. There is an elevated risk of cybercriminals leveraging this situation to distribute phishing emails with malicious links.
The source of the breach is currently under investigation. AT&T is determining whether the breach originated internally or through an external vendor and may enlist the expertise of computer forensics specialists to identify the exact cause.
AT&T is now tasked with removing any malware that might be present in its customer account system and ensuring uninterrupted service for customers not impacted by the breach. The company expects significant costs related to the breach investigation, remediation efforts, potential legal actions, and associated legal fees.
