In what may be termed as one of the largest cybersecurity breaches of the year, AT&T, the telecommunications behemoth, confirmed personal data of 73 million current and former customers has been leaked onto the dark web. The startling revelation, once again underscores the growing concerns regarding customer data safety, particularly in the telecommunications sector.
The leaked data was first noticed approximately two weeks ago and includes invaluable personal data such as Social Security numbers. AT&T, while accepting the magnitude of the data leak, remained uncertain about the actual origin of data in its statement. The company said, “It is not yet known whether the data … originated from AT&T or one of its vendors.”
The data encompasses information dating back to 2019 or earlier, with no records of financial data, or specifics about call history being found. The total breach includes nearly 7.6 million current account holders and 65.4 million former customers.
In response to the breach, AT&T is reaching out to its customers and urging them to reset their account passcodes. They are also warning customers to monitor their accounts and credit reports critically, offering to cover the cost of credit monitoring for affected individuals where required.
AT&T was alerted to the leak by account vx-underground on March 17. The incident marks a severe breach in AT&T’s data security, the company’s third major security issue over the past decade. AT&T faced a similar case in 2015 that led to a record $25 million fine by the Federal Communications Commission (FCC) post investigation, which revealed theft of details of an estimated 280,000 individuals from call centers in Mexico, Colombia, and the Philippines.
- June 2010: iPad Email Address Leak
- A hacker group known as Goatse Security discovered a vulnerability in AT&T’s system that allowed access to email addresses of AT&T 3G service customers for the Apple iPad without a password.
- Goatse Security used a script to collect thousands of email addresses from AT&T.
- The group informed AT&T about the security flaw through a third party and later disclosed around 114,000 of these email addresses to Gawker Media.
- Gawker Media published an article about the security flaw in Valleywag, leading to criticism of the web application’s poor design by Praetorian Security Group.
- April 2015: $25 Million Fine for Data Breaches
- AT&T was fined $25 million by the Federal Communications Commission (FCC), marking the largest fine issued by the FCC for breaking data privacy laws.
- The investigation revealed the theft of personal details of approximately 280,000 people from call centers in Mexico, Colombia, and the Philippines.
- March 2024: Massive Data Leak
- AT&T confirmed a leak that occurred in 2021, affecting over 7.6 million current users and 65 million former users.
- The leaked records potentially included sensitive information such as full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and passcodes.
Information Box:
Incident: AT&T Data Breach
Data Exposed: Personal details including Social Security numbers
Date of Notice: March 30, 2024
Exposed Information Dates Back to: 2019
Persons Affected: 7.6 Million current account holders, 65.4 Million former account holders
Initiatives taken by AT&T: Account passcode reset notifications, credit monitoring offers at company’s expense.
References:
1. Rothenberg, Eva. “AT&T says personal data from 73 million current and former account holders leaked onto dark web.” CNN, Sat March 30, 2024.
2. “AT&T data security breaches history.” Wikipedia, Accessed April 1, 2024.
3. “AT&T fined over data breach,” The Federal Communications Commission (FCC), April 2015.
4. “The Dark Web: What it is and how it works,” Vox Technology, March 17, 2024.