AT&T has started informing millions of customers about the exposure of personal data recently found online.
The telecommunications company mentioned that a set of data discovered on the “dark web” includes details like Social Security numbers for approximately 7.6 million existing AT&T account holders and 65.4 million former account holders.
They have already changed the passcodes for current users and will reach out to account holders whose sensitive personal information was compromised.
AT&T stated that it's unclear whether the data came from AT&T or one of its vendors. The exposed data is from 2019 or earlier and doesn't seem to involve financial details or call history. Apart from passcodes and Social Security numbers, it may involve email and mailing addresses, phone numbers, and birth dates.
Even though the data emerged on a hacking forum nearly two weeks ago, it closely resembles a similar data breach that came up in 2021, which AT&T never acknowledged, according to cybersecurity researcher Troy Hunt.
Troy Hunt, the founder of an Australia-based website that alerts people about their personal information being exposed, warned that if AT&T made a wrong assessment and didn't notify impacted customers for years, the company may soon face class action lawsuits.
A comment from an AT&T spokesperson was not immediately available on Saturday.
This year has already seen another crisis for the Dallas-based company. In February, a service outage affected thousands of U.S. users, which AT&T attributed to a technical coding error, not a malicious attack.