AT&T Informs Regulators of Data Breach Exposing Millions of Customer Records

AT&T Informs Regulators of Data Breach Exposing Millions of Customer Records

AT&T Informs Regulators of Data Breach Exposing Millions of Customer Records

AT&T has initiated the process of informing state authorities and regulators in the United States about a security breach.

This action comes after verifying the authenticity of millions of customer records that surfaced online last month.

In compliance with legal obligations, AT&T has submitted notifications to state attorney general offices, including those of Maine and California, disclosing that over 51 million individuals have been affected by the breach, with approximately 90,000 of them residing in Maine.

As the largest telecommunications company in the United States, AT&T confirmed that the compromised data included customers' full names, email addresses, mailing addresses, dates of birth, phone numbers, and Social Security numbers. The leaked information was dated back to mid-2019 and earlier, with records containing valid data pertaining to more than 7.9 million current AT&T customers.

Although the breach has being detected three years after a subset of the leaked data initially surfaced online, AT&T's delayed response prevented a comprehensive analysis of the data. The full dataset of 73 million leaked customer records was only made public last month, allowing affected customers to verify the authenticity of their compromised information. Notably, the leaked data also included encrypted account passcodes, posing a significant risk to customer account security.

Following the publication of the complete dataset, a security researcher alerted TechCrunch that the encrypted passcodes within the leaked data were susceptible to decryption. Acting swiftly upon TechCrunch's notification on March 26, AT&T reset the affected account passcodes to mitigate the potential threat to customer security. TechCrunch refrained from publishing the story until AT&T had completed the process of resetting the passcodes.

In acknowledging the breach, AT&T confirmed that the leaked data belonged to both current and former customers, estimating that approximately 65 million former customers were impacted. Under state data breach notification laws, companies are mandated to disclose incidents affecting large numbers of individuals to state attorneys general. In its notifications filed in Maine and California, AT&T pledged to provide affected customers with identity theft and credit monitoring services.

Despite extensive efforts, AT&T has yet to determine the source of the data leak, leaving customers concerned about the security of their personal information. As investigations continue, AT&T remains committed to prioritizing customer data security and mitigating the impact of the breach on affected individuals.

Share this article

Leave your comments

Post comment as a guest

terms and condition.
  • No comments found

Share this article

Azamat Abdoullaev

Tech Expert

Azamat Abdoullaev is a leading ontologist and theoretical physicist who introduced a universal world model as a standard ontology/semantics for human beings and computing machines. He holds a Ph.D. in mathematics and theoretical physics. 

Cookies user prefences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Read more
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics