AT&T Data Leak Exposes 73 Million Customers' Information

AT&T has confirmed a data leak in which the information of 73 million current and former customers was released on a dark web criminal marketplace two weeks ago.

The information varies by customer and account, but may have included full name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number and passcode.

AT&T said it’s not yet known whether the data originated from it or one of its vendors.

“AT&T has launched a robust investigation supported by internal and external cybersecurity experts,” the carrier said. “Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable.”

AT&T also said this data leak hasn’t had a material impact on its operations. We couldn’t reach AT&T for additional comments.

Data Breach Leaves Individuals Vulnerable to Cyber Crime

Lisa Plaggemier, executive director of the National Cybersecurity Alliance, said this data leak is poised to have far-reaching consequences.

NCA's Lisa Plaggemier

“With sensitive data like Social Security numbers, names and contact details exposed, individuals are vulnerable to identity theft, financial fraud and other malicious activities,” she said. “Additionally, the breach erodes consumer trust in AT&T's security measures, potentially leading to reputational damage and financial losses for affected individuals and the company alike.”

Identifying the perpetrators behind the data theft remains challenging, Plaggemier said.

“Possibilities range from sophisticated cybercriminal organizations seeking financial gain through data resale or identity theft, to state-sponsored actors engaged in espionage efforts or geopolitical maneuvers,” she said. “The lack of concrete attribution underscores the complexity of tracing such breaches and highlights the need for robust cybersecurity measures across the telecommunications industry.”

In response to the breach, customers and organizations must take immediate steps to mitigate risks, Plaggemier said. Customers should change passwords associated with AT&T accounts, monitor financial accounts for suspicious activity and consider implementing credit freezes. Organizations must reinforce cybersecurity protocols, including encryption, multifactor authentication (MFA) and regular security audits, to safeguard against future breaches and restore consumer trust.

“This data breach aligns with ongoing trends in the cybersecurity landscape, where large-scale breaches targeting personal information are increasingly prevalent,” she said. “It underscores the persistent challenges faced by organizations in defending against sophisticated cyber threats and highlights the need for continuous investment in cybersecurity infrastructure and regulatory compliance. The breach underscores the importance of collaboration between industry stakeholders, cybersecurity experts and regulatory bodies to address evolving threats effectively and enhance data protection standards across the telecommunications sector.”

Concerns About AT&T’s Internal Processes

Narayana Pappu, CEO at Zendata, said any data breach that exposes customers' personal information is significant.

Zendata's Narayana Pappu

“The concern is mainly around internal processes at AT&T, which originally denied that a data breach even occurred back in 2021 before admitting it,” he said. “Assuming this information is from the previous hack (2021), hopefully, AT&T has already implemented remediation, asking users to update their information. If it has not, AT&T should evaluate the processes they have in place to identify exposure and remediation. From a customer perspective, they should update the passcodes, which should be done on a regular basis even if there is no breach, and lock their SIM from porting to another carrier to prevent SIM swaps.”

Anne Cutler, cybersecurity evangelist at Keeper Security, said the severity of this data breach is significantly heightened because of the personally identifiable information (PII) that were part of the compromised data.

“The immediate concern is the potential exploitation of this exposed data, which could lead to various malicious activities such as identity theft, phishing attacks and unauthorized access to user accounts,” she said. “Current and former AT&T customers should assume they’ve already been breached and act accordingly. Proactive steps individuals can and should take immediately include changing login information for their account with AT&T, getting a dark web monitoring service, monitoring or freezing their credit, and practicing good cyber hygiene. By using strong and unique passwords for every account, enabling MFA everywhere possible, updating software regularly and always thinking before they click, individuals can greatly increase their personal cybersecurity."

In cases where personal information is stolen, threats from the data breach persist even after it’s been discovered and contained, Cutler said. It’s imperative for both current and former customers of AT&T to take proactive steps to protect themselves from cybercriminals using their personal information for identity theft and targeted attacks.