Telecommunications giant AT&T announced Saturday that it had reset the passwords of 7.6 million customers after determining that compromised customer data was “published on the dark web.”
“Our internal teams are working with external cybersecurity experts to analyze the situation.” AT&T said. “As far as we know, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”
The company said that “the information varies by customer and account,” but that it may have included a person's full name, email address, mailing address, phone number, Social Security number, date of birth, number AT&T account number and password.
In addition to those 7.6 million customers, 65.4 million former account holders were also affected.
The company said it would “separately contact individuals with compromised sensitive personal information and offer them free credit monitoring and identity theft services.”
AT&T said it reset the passwords of those affected and directed customers to a site with details on how to reset them.
technologycrunch, who first reported about password resetsaid it informed AT&T on Monday that “the leaked data contained encrypted passcodes that could be used to access AT&T customers' accounts.”
TechCrunch said it delayed publishing its article until the company “could begin resetting customer account passwords.”
In its report, TechCrunch said that “this is the first time AT&T has acknowledged that leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records.”
AT&T said it did not know whether the leaked data “came from AT&T or one of its providers” and that it “has no evidence of unauthorized access to its systems that resulted in the theft of the data set.”
