AT&T Data Breach Notification
AT&T, a telecommunications company, has recently notified millions of current and former customers regarding a data breach that occurred last month, which led to the compromise of sensitive account information. The exact number of affected individuals remains unspecified by the company, with conflicting figures provided in different sources.
Details of the Breach
According to a mandatory filing with the Maine Attorney General’s office, AT&T disclosed that approximately 51.2 million account holders had their data compromised. However, on the corporate website, the company indicated that the number of affected individuals stood at around 73 million. The compromised data included personal details such as full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and passcodes. Fortunately, personal financial information and call history were not part of the leaked data, which seemed to be from June 2019 or earlier.
The disclosure further revealed that out of the 73 million affected customers, 7.6 million were current customers while 65.4 million were former customers. In response to the breach, AT&T has taken action by resetting the account personal identification numbers (PINs) of all current customers and initiating notifications through mail to both current and former customers.
Suspected Vulnerabilities
A security researcher, as reported by TechCrunch, highlighted concerns that the passcodes were stored in an encrypted format that may be easily decrypted, raising questions about the level of protection implemented by AT&T. The situation was further complicated by Bleeping Computer’s revelation in 2021 that over 70 million records containing AT&T customer data were offered for sale at a price of $1 million. Despite AT&T denying ownership of the data at that time, subsequent investigations linked the leaked information to the company’s customer database.
Although the exact cause of the breach remains undisclosed by AT&T, the delay in acknowledging the data ownership has raised eyebrows. The company’s response to the breach and the implementation of appropriate security measures moving forward will be crucial in mitigating any potential risks for affected individuals.
Protecting Against Potential Scams
Given the prolonged exposure of the data, the likelihood of significant harm resulting from its circulation is relatively low. Nevertheless, current and former AT&T customers are advised to remain vigilant against possible scams targeting them based on the leaked information. To assist affected individuals, AT&T is offering one year of free identity theft protection to help safeguard against fraudulent activities and unauthorized use of personal data.
Image/Photo credit: source url