Earlier reported figures regarding a data breach at telecommunications giant AT&T have been dwarfed by the latest revelations. Initially confirming an AT&T data breach affecting 73 million accounts, the company now discloses that the impact extends to a staggering 51,226,382 customers, as disclosed in a filing with the Maine Attorney General’s Office.
Further, according to AT&T’s Customer Notification Letter, the breach came to light on March 26, 2024, and was traced back to a dataset released on the dark web on March 17, 2024.
Details of the AT&T Data Breach
AT&T notified that the compromised information included a variety of personal details such as full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and AT&T passcodes.
Notably, personal financial information and call history were reportedly not included in the exposed data. The data appears to date back to June 2019 or earlier.
“To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier,” reads the AT&T notification letter.
Despite the scale of the AT&T data breach, AT&T has yet to disclose how the data was obtained, leaving customers and experts alike questioning the security measures in place and the company’s response protocols. The delay in confirming the breach and alerting affected customers—nearly five years after the incident—is drawing significant criticism and scrutiny.
Steps to Mitigate the Impact of AT&T Data Breach
In response to the breach, the Company is taking steps to mitigate the impact on affected customers. The company is offering complimentary credit monitoring, identity theft detection, and resolution services. Additionally, as a precautionary measure, passcodes for impacted accounts have been reset. Passcodes, typically four-digit numerical PINs, serve as an additional layer of security for account access.
AT&T has initiated a thorough investigation into the breach, with the support of internal and external cybersecurity experts. The company assures customers that it is continuously reviewing and updating security measures to safeguard their information.
However, questions regarding the discrepancy between the initially reported number of affected accounts and the revised figure persist. When questioned about this, AT&T cited the possibility of some individuals having multiple accounts within the dataset but has yet to provide further clarification.
“We are sending a communication to each person whose sensitive personal information was included. Some people had more than one account in the dataset, and others did not have sensitive personal information,” told AT&T Spokesperson to The Cyber Express.
AT&T Offering
While AT&T is offering one year of identity theft protection and credit monitoring services through Experian, recipients are urged to act swiftly to enroll in these services. The enrollment deadline is set for August 30, 2024, though affected individuals are advised to take immediate steps to protect themselves.
Customers are reminded to remain vigilant and monitor their accounts and credit reports for any suspicious activity. Furthermore, caution should be exercised when dealing with unsolicited communications, as scammers may attempt to exploit the breach for fraudulent purposes.
In light of the security lapse and the delayed response in notifying affected customers, AT&T is facing mounting legal challenges in the form of multiple class-action lawsuits across the United States.
The company’s handling of the breach will likely undergo further scrutiny as investigations continue and affected individuals seek restitution for the breach of their personal information.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
