AT&T Data Breach Confirmed

A news release confirmed an AT&T data breach exposing 73 million current and former customers to a dark web marketplace for fraudsters, according to an article by The Record.

In mid-March, an AT&T spokesperson said the company had “no indication” that systems were compromised and said the data set might be the same one offered for sale in 2021 by a hacker group called ShinyHunters. A hacker known as “MajorNelson” is currently offering stolen data for free and credited ShinyHunters with the original data theft. 

According to the AT&T spokesperson, “We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. We are working to confirm that the data set discussed today is the same dataset that has been recycled several times on this forum.”

The data includes Social Security numbers, names, email addresses, mailing addresses, phone numbers, dates of birth, AT&T account numbers, and passcodes. According to Recorded Future News, the company doesn’t know whether the data was stolen from AT&T systems or a vendor. 

AT&T has published a guide for people whose data is for sale. It has reset their passcodes and is contacting them individually. It intends to offer complimentary identity theft and credit monitoring services and will contact affected individuals by mail or email.

AT&T has a history of cybersecurity problems. It disputes claims that a 2022 breach that yielded information belonging to 23 million Americans was connected to AT&T, but security researchers and cybersecurity firms say otherwise.