AT&T Informs 51 Million Customers in the U.S. Their Data Was Exposed

AT&T Inc. has reported a massive data breach affecting over 51 million customers, linked to a data leak event that happened last month.

In late March 2024, AT&T has acknowledged that data affecting millions of its users and linked to the hacker group ShinyHunters, is authentic. The breach data, revealed by a threat actor on hacker forums last month, but dating back to August 2021, includes sensitive customer information.

Despite earlier denials and claims of no system compromise, cybersecurity analysis confirmed the data's authenticity, prompting AT&T to admit its validity. The scope of the impact was determined to 7.6 million current and 65.4 million former account holders, with AT&T advising affected users to follow specific security measures and planning personalized notifications for those impacted.

Those notifications are now sent to 51 million affected customers in the U.S. to ensure that they become aware of the risks and take advantage of the offered identity protection services to protect themselves from attacks.

The breach, which was discovered on March 26, 2024, resulted in the exposure of sensitive customer information on the dark web. The information compromised in this breach includes:

• full names
• email addresses
• mailing addresses
• phone numbers
• social security numbers
• dates of birth
• AT&T account numbers
• and AT&T passcodes

According to the telecommunications giant, financial details and call history were not part of the leaked data, and it appears to originate from June 2019 or earlier.

AT&T said it engaged in an extensive investigation upon discovery of the breach, with the assistance of both internal and external cybersecurity experts to understand the scope and impact. Furthermore, AT&T has taken steps to safeguard affected customers, including offering one year of complimentary credit monitoring and identity theft resolution services through Experian's IdentityWorks. This service aims to provide affected individuals with increased visibility into any fraudulent activity and includes an insurance policy of up to $1 million for expenses incurred due to identity theft.

For customers with active accounts impacted by this breach, AT&T has reset passcodes as a precautionary measure. The company emphasizes the importance of staying vigilant, recommending that customers closely monitor their accounts and credit reports for any unusual activities. Customers are also advised to be wary of unsolicited communications asking for personal information and to directly visit AT&T’s website for account management to avoid potential phishing attempts.

In the notification letter to its customers, AT&T expressed regret over the incident and reaffirmed its commitment to maintaining the security of customer information. The company has outlined steps for affected customers to enroll in the Experian IdentityWorks service and has provided a dedicated customer care line for any queries related to the breach.

As AT&T works to mitigate the effects of this breach, customers are urged to take advantage of the offered identity theft protection services and to follow the recommended security practices. The telecom giant's response wasn’t exactly swift, but customers should still take immediate advantage of the offered support and resources.