AT&T is notifying customers that some of their personal information has been hacked as a result of a massive data breach — one of the largest in U.S. history.
AT&T said the breach occurred on the dark web in mid-March.
Customers received an AT&T email Thursday including that the utility has determined that “some of your personal information was compromised.”
“To the best of our knowledge, the compromised data does not include personal financial information or call history.”
AT&T previously told customers that while the information varied by customer and account, what could have been stolen includes full name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number and passcode.
Meanwhile, the number of affected customers may be considerably lower from 7.6 million current and 65.4 million former customers cited March 30 to a combined 51.2 million, the latter according to a filing submitted Wednesday to the Maine Attorney General’s Office.
People are also reading…
Maine had 89,842 customers affected. The N.C. Attorney General’s Office could not be immediately reached to determine how many North Carolinians are affected.
The California Attorney General’s Office posted the latest full AT&T statement to customers.
AT&T said it is offering customers a year of complimentary credit monitoring, identity theft detection and resolution services, provided by Experian’s IdentityWorks platform. It offers up to $1 million in insurance coverage.
The Experian service requires enrollment and activation by Aug. 30. Go to att.com/accountsafety for more details or call Experian customer care at 833-931-4853.
AT&T said it has reset passcodes for customers. “When you sign in to your online account or call customer care, we’ll provide details to help you personalize your passcode,” AT&T said.
“While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors,” the utility said in its news release.
AT&T has not disclosed the source of how the breach occurred, although it said it does not have evidence of unauthorized access to its systems resulting from the data set.
“We encourage customers to remain vigilant by monitoring account activity and credit reports,” AT&T said.
According to PCmag.com, AT&T is facing dozens of potential class-action lawsuits, most filed in Texas where AT&T has its headquarters.
PCmag.com has reported that a hacking group called ShinyHunters started selling the stolen AT&T data back in 2021. At the time, AT&T denied that the information had come from its systems.
The leak resurfaced in March when a user called MajorNelson began circulating another 5GB archive that appeared to contain the same AT&T data.
Lisa Plaggemier, executive director of the National Cybersecurity Alliance, said regularly monitoring financial statements and credit reports for any suspicious activity “can also help individuals detect and respond to potential breaches promptly.”
“Furthermore, freezing their credit with the credit bureaus is a proactive measure to prevent unauthorized access to their credit information and can provide added security in the event of a data breach,” she said.