Another Data Breach to Worry About!

AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. Back in August 2021 they originally denied the data came from them.

This comes after AT&T has repeatedly denied (since August of 2021) that a massive trove of leaked customer data originated from them or that their systems had been breached.

While the company continues to say there is no indication their systems were breached, it has now been confirmed that the leaked data belongs to 73 million current and former customers.

Based on a preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.

Troy Hunt, a security researcher and owner of “Have I Been Pwned,” recently obtained a copy of the full leaked dataset. Hunt concluded the leaked data was real by asking AT&T customers if their leaked records were accurate.

In a blog post analyzing the data, Hunt said that of the 73 million leaked records, the data contained 49 million unique email addresses, 44 million Social Security numbers, and customers dates of birth.

A new analysis of the fully leaked dataset — containing names, home addresses, phone numbers, Social Security numbers, and dates of birth — points to the data being authentic. Some AT&T customers have confirmed their leaked customer data is accurate. But AT&T still hasn’t said how its customers’ data spilled online.

What is clear is that even three years later, we’re still no closer to solving this “mystery” breach, nor can AT&T say how its customers’ data ended up online.

Even though this sounds like ancient history, the problem with this release of data on the Dark Web could have a devastating effect on past customers of AT&T. AT&T users social security numbers and dates of birth are now available for purchase by cyber-criminals.

A couple of suggestions for those who believe their information could end up in the wrong hands.

1: If you recall what the AT&T passwords were that you used when you were a subscriber, it’s time to change them. Especially if you re-used those passwords anywhere else. AT&T is only resetting passcodes for current accounts.

2: Since there’s so much personal information contained in this breached data, consider freezing your credit. The criminals have more than enough information to open accounts in your name. I realize this is a hassle, but I feel it’s a necessary step.

You should contact each of the three major credit bureaus — Equifax, Experian and TransUnion — individually to freeze your credit:

Equifax: Call 800-349-9960 or go online:
https://www.equifax.com/personal/credit-report-services/credit-freeze/

Experian: Go online to initiate, or for information, call 888‑397‑3742
https://www.experian.com/freeze/center.html

TransUnion: Call 888-909-8872 or go online.
https://www.transunion.com/credit-freeze

Thanks to Bleeping Computer, Troy Hunt and so many other folks for staying on top of this for the past 3 years!

https://haveibeenpwned.com/
https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach/
https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/