AT&T, the largest telecommunications provider in the United States, recently disclosed that a dataset containing personal details of about 73 million of its account holders from 2019 or earlier was discovered for sale on the dark web. This dataset includes sensitive information such as passcodes, Social Security numbers, email and mailing addresses, phone numbers, and birthdates.
Following this security breach, AT&T has contacted all impacted customers to inform them of the incident and advised them to reset their passcodes. The company has also issued a warning for customers to be cautious of emails prompting password changes and to verify their authenticity directly with AT&T before responding. The risk of cybercriminals leveraging this incident to send phishing emails with malicious links has increased.
The source of the breach is under investigation, with AT&T considering whether it originated internally or from an external vendor. The company may employ computer forensics experts to determine the precise cause.
AT&T is now tasked with removing any malware that may be in its customer account system, while ensuring uninterrupted service for unaffected customers. The company expects to incur substantial costs related to the breach investigation, remediation efforts, potential legal actions, and associated legal fees.
