The personal information of over 73 million AT&T customers has been leaked on the “dark web” after a massive cybersecurity breach of the cellphone provider.
The company released a statement revealing an unknown source posted the hacked personal information online over the weekend.
The personal information includes social security numbers, the company confirmed.
The breach impacts 65.4m former customers and 7.6m current users.
According to the statement, the data has been shared on the “dark web.”
The dark web is a hidden part of the internet not indexed by regular search engines, accessed through specialized browsers like Tor, according to Kaspersky.
It hosts both legal and illegal activities, offering anonymity but also posing risks like scams and illicit content.
According to the statement from AT&T, the data set appears to be from 2019 or earlier.
The company is still assessing potential sources of the data, the statement said.
The statement reads:
“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.
“The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable.”
Those impacted should closely monitor their account activity and credit reports, the company also said.
However, a preliminary investigation shows that the breach did not include customers’ personal financial information or call history.
This breach isn’t the first time AT&T has made headlines this year.
Last month, the company saw a widespread service outage impacting thousands of customers.
The outage raised concerns of a cyberattack.
However, the outages were due to “the application and execution of an incorrect process” during network expansion, the company said in a statement at the time.
The Federal Communications Commission (FEC) is also investigating the data breach.
Similarly, in December 2023 telecommunications company Xfinity reported that hackers exploited a vulnerability in their software.
The hackers “likely acquired” customers’ usernames and passwords.
The breach affected some 35.9m people.
This leaked data was also shared on the “dark web.”
For some customers, the hackers may have also identified the last four digits of social security numbers, account security questions, birthdates, and contact information.