AT&T has confirmed that the data set leaked on the dark web some two weeks ago does contain “AT&T data-specific fields”.
According to AT&T, the batch includes data of approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders: full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode.
“To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history,” they added, and urged customers to keep an eye on their account activity and credit reports – just in case.
The data set was leaked two weeks ago on a dark web forum, and seems to be the same data set that had been offered for sale in 2021.
AT&T said at the time that the data did not come from their systems, and still maintains that they don’t “Have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” and that they don’t yet known “Whether the data in those fields originated from AT&T or one of its vendors.”
Affected users will be contacted by the company via email or letter, which means that customers should be probably be also on the lookout for phishing emails posing as AT&T. They can also check whether their data is included in the data set by entering the email they used to create an AT&T account into Have I Been Pwned?
