Telecommunications giant AT&T said Saturday that it had reset the passwords of 7.6 million customers after discovering that compromised customer data had been “published on the dark web.”
“Our internal teams are working with external cybersecurity experts to analyze the situation,” AT&T said. “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not include any personal financial information or call history.”
The company said that “the information varied by customer and account,” but that it may include full name, email address, mailing address, telephone number, social security number, date of birth, AT&T I traded a person’s account number and passcode.
In addition to these 7.6 million customers, 65.4 million former account holders were also affected.
The company said it would “separately target individuals with sensitive personal information compromised and provide free identity theft and credit monitoring services.”
AT&T said it reset the passcodes for those affected and directed customers to a website with details on how to reset those passwords. It also said a “comprehensive investigation with the support of internal and external cybersecurity experts” would be launched.
A company representative did not address specific questions about how the breach occurred or why it went unnoticed for so long.
TechCrunch, which first reported the passcode reset, said it informed AT&T on Monday that “the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts.”
TechCrunch said it delayed publication of its article until the company could “begin resetting passwords for customer accounts.”
In its report, TechCrunch said: “This is the first time AT&T has admitted that the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer data.”
AT&T had previously denied a breach of its systems, but how the leak occurred was unclear, TechCrunch reported.
AT&T said it did not know whether the leaked data “came from AT&T or one of its providers” and that it had “no evidence of unauthorized access to its systems that resulted in the theft of the data set.”
The episode comes after AT&T customers experienced a widespread outage last month that temporarily disrupted connections for users in the United States for several hours. The outage on February 22nd affected customers in cities including Atlanta, Los Angeles and New York.
According to Downdetector.com, which tracks user reports of telecommunications and Internet disruptions, there were about 70,000 reports of disrupted wireless carrier services at peak times.
A few days later, AT&T offered customers affected by the outage a $5 credit to “remedy the situation.”
Source link
2024-03-30 22:03:50
www.nytimes.com
