AT&T has admitted to a data breach affecting 73 million current and former customers, following initial denials. The leaked data, which includes sensitive details like names, social security numbers, and passcodes, is believed to date back to 2019 or earlier. Despite AT&T’s assertions that their systems were not breached, they have reset compromised passcodes for 7.6 million customers as a precautionary measure. The company emphasizes that personal financial information and call history were not exposed in the breach.
This revelation comes after two years of denial from AT&T, despite claims by threat actors and subsequent data leaks on hacking forums. BleepingComputer’s analysis of the leaked data confirmed that it contained information consistent with what Shiny Hunters claimed to have stolen in 2021. Furthermore, customer reports indicate that the leaked data is closely tied to AT&T and DirecTV accounts, suggesting the origin lies with these companies.
Despite evidence pointing to AT&T’s involvement, the company has been slow to respond to inquiries and confirm the breach. While AT&T has reset compromised passcodes and pledged to notify all 73 million affected customers, questions linger about the security measures in place to prevent future breaches. The incident underscores the ongoing challenges companies face in safeguarding customer data and the need for transparency in addressing security incidents.
