AT&T denies any evidence of unauthorized access but admits that a data set released on the Dark Web including Social Security numbers and other sensitive information on tens of millions of customers is genuine.
Two weeks after a massive tranche of data, including purported sensitive information on more than 70 million AT&T customers, was put up for sale on the Dark Web, the telecom company has admitted that the list includes legitimate customer information.
But while AT&T has confirmed that the data is authentic, the company stressed that the ongoing investigation has not turned up evidence it was exfiltrated from AT&T's systems, adding that investigators are still making assessments. In the days after the data was listed for sale, the company similarly pushed back on the idea its systems were compromised.
It's worth noting that in the wake of a similar AT&T data leak in 2021, the company likewise denied a compromise of its systems when a different database, purported to contain information on 70 million of the company's users, was put up for auction on the Dark Web.
"AT&T has launched a robust investigation supported by internal and external cybersecurity experts," the AT&T statement on the latest data leak explained. "Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders."
As additional details of the data leak emerge, experts like Narayana Pappu, CEO at Zendata, said AT&T needs to course correct.
"The concern is mainly around internal processes at AT&T, which originally denied that a data breach even occurred back in 2021 before admitting it," Pappu said in a statement. "Assuming this information is from the previous hack (2021), hopefully, AT&T has already implemented remediation, asking users to update their information. If it has not, AT&T should evaluate the processes they have in place to identify exposure and remediation."
The millions of current and former AT&T customers potentially impacted by the data leak need to understand the severity of the compromise, according to a statement from Anne Cutler, cybersecurity evangelist with Keeper Security.
"The severity of this data breach is significantly heightened because of the personally identifiable information (PII), including full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers and passcodes, that were part of the compromised data," Cutler said. "The immediate concern is the potential exploitation of this exposed data, which could lead to various malicious activities such as identity theft, phishing attacks and unauthorized access to user accounts."