Reports surfaced in mid-March regarding AT&T customer data circulating on the dark web, with the telecommunications giant taking around two weeks to confirm the authenticity of the leaked information.
AT&T acknowledged that the leaked data pertained to approximately 7.6 million existing customers and around 65.4 million former customers, dating back to 2019 or earlier.
Initially, only social security numbers were said to be compromised. Still, subsequent letters to affected individuals revealed a broader range of compromised information, including full names, email and mailing addresses, phone numbers, dates of birth, social security numbers, and AT&T account numbers and passcodes.
Despite assurances that personal financial data and call histories were not included, AT&T disclosed to the Maine Attorney General that more than 51 million individuals had been impacted by the incident, suggesting the possibility of duplicate or erroneous records being left out from the leaked database.
While the exact source of the data, which has been circulating online since 2021, remains unknown, AT&T has refuted claims that it originated from its systems. To mitigate potential harm, affected customers are being offered one year of complimentary credit monitoring and identity theft protection services.
This incident comes after AT&T's data breach at a third-party vendor in March 2023, compromising the customer proprietary network information (CPNI) of 9 million people.